Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

139mail

v1.0.0

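139 Mail email send/receive Skill - supports the IMAP/SMTP protocols and is compatible with mainstream mailboxes such as 139/QQ/163/Gmail. Features: 1. Send email (SMTP) 2. Receive email (IMAP) 3. View the inbox list 4. View unread email. When the user mentions "发邮件" (send email), "收邮件" (receive email), "查看邮件" (check email), "邮箱" (mailbox) or "email", activates this s...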

by Zhang Dong @chang-tong
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the code and package.json: the skill implements send/list/read via SMTP/IMAP and depends on nodemailer/imap/mailparser — all expected for an email client.
Instruction Scope
SKILL.md instructs storing credentials in a local config and describes usage; the runtime script reads a local JSON config and may print connection info during a 'test'. Minor inconsistency: SKILL.md suggests ~/.openclaw/skills/139mail/config/email.json while the script reads ../config/email.json relative to the package root. Also the script will read files passed as attachments (expected) and will output some config values during 'test'.
Install Mechanism
This is an instruction+code skill with typical npm dependencies listed in package.json and package-lock.json; there is no remote arbitrary download, no URL shorteners, and dependencies are standard email-related packages.
Credentials
No environment variables or external credentials are requested; credentials are expected in a local config file (email/password). This is proportional for an email client, but storing plaintext credentials in a file is sensitive and should be handled carefully.
Persistence & Privilege
always is false and the skill does not request system-wide settings or modify other skills. It only reads its own config and files specified for attachments.
Assessment
This skill appears to be what it claims: an IMAP/SMTP email client implemented in Node.js. Before installing: (1) confirm where the config file lives (SKILL.md path and script path differ) and place your credentials in the correct location; (2) prefer using provider 'authorization codes' or app-specific passwords (not your main account password); (3) restrict file permissions on the config (chmod 600) and avoid committing it to git; (4) be aware the script sets tlsOptions.rejectUnauthorized = false for IMAP connections (this weakens certificate validation and could allow MITM attacks) — consider modifying the code to enable proper TLS verification for your mail servers; (5) review or sandbox the skill if you are concerned about exposing attachments or credentials, and consider using an OS secret manager rather than a plaintext file.


latest vk97830w2bkg86rskt7nbzazvqd82c57k
472 downloads
1 star
1 version
Updated 7h ago
v1.0.0
MIT-0

139mail Skill

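Send and receive email over the IMAP/SMTP protocols; supports mainstream mailboxes such as 139 Mail, QQ Mail, 163 Mail and Gmail.

Features

| Feature | Description |
| --- | --- |
| Send email | Supports plain-text email, HTML email, attachments |
| Receive email | View the inbox, unread email, search email |
| Email list | List recent email, with pagination |
| Read email | View email details, body, attachment list |

Configuration

1. Edit the configuration file

~/.openclaw/skills/139mail/config/email.json

2. Configuration example (139 Mail)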

{
  "email": "13811741897@139.com",
  "password": "你的授权码",
  "smtp": {
    "host": "smtp.139.com",
    "port": 465,
    "secure": true
  },
  "imap": {
    "host": "imap.139.com",
    "port": 993,
    "secure": true
  }
}

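3. Configuration reference for mainstream mailboxes

QQ Mail:

  • SMTP: smtp.qq.com:465
  • IMAP: imap.qq.com:993
  • Password: QQ Mail authorization code

163 Mail:

  • SMTP: smtp.163.com:465
  • IMAP: imap.163.com:993
  • Password: 163 Mail authorization code

Gmail:

  • SMTP: smtp.gmail.com:465
  • IMAP: imap.gmail.com:993
  • Password: app-specific password

Usage

Send email

Plain email:

Send an email to example@qq.com, the subject is "Test email", the content is "This is a test email"

Email with an attachment:

Send an email to example@qq.com, the subject is "Document", the content is "Please find the attachment", the attachment is /path/to/document.pdf

View the inbox

View recent email
Show unread email

Read email

Read the 3rd email
View email details 12345

Security notes

  • The configuration file is stored locally and is not uploaded to the cloud
  • Using the mailbox authorization code rather than the login password is recommended
  • The configuration file's permissions are set so that only the user can read it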
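
The scan assessment above points out the plaintext credentials in email.json, the config values printed during 'test', and tlsOptions.rejectUnauthorized = false on the IMAP connection. The following is an added example, not the skill's own code: it loads the config only when the file is mode 600, builds options in the shape the `imap` package takes with certificate validation on, and redacts the password for display. The function names and the sample config written to a temp directory are assumptions constructed for illustration.

```javascript
// Added example, not the skill's own code. Node.js built-ins only.
const fs = require('fs');
const os = require('os');
const path = require('path');

// Load email.json; refuse a file that group or other users can access.
function loadMailConfig(file) {
  const mode = fs.statSync(file).mode & 0o777;
  if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
    throw new Error(`${file} has mode ${mode.toString(8)}, expected 600`);
  }
  const cfg = JSON.parse(fs.readFileSync(file, 'utf8'));
  for (const key of ['email', 'password', 'smtp', 'imap']) {
    if (!cfg[key]) throw new Error(`"${key}" missing from ${file}`);
  }
  return cfg;
}

// Connection options in the shape the `imap` package takes, with
// certificate validation left on (the scan found it switched off).
function imapOptions(cfg) {
  return {
    user: cfg.email, password: cfg.password,
    host: cfg.imap.host, port: cfg.imap.port, tls: cfg.imap.secure !== false,
    tlsOptions: { rejectUnauthorized: true, servername: cfg.imap.host },
  };
}

// What a 'test' command can print without leaking the authorization code.
function redact(cfg) {
  return { ...cfg, password: '***' };
}

// Constructed sample: write a config to a temp dir and exercise both paths.
function demo() {
  const file = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'mailcfg-')), 'email.json');
  fs.writeFileSync(file, JSON.stringify({
    email: 'user@139.com', password: 'constructed-auth-code',
    smtp: { host: 'smtp.139.com', port: 465, secure: true },
    imap: { host: 'imap.139.com', port: 993, secure: true },
  }));
  fs.chmodSync(file, 0o644); // world-readable: must be refused
  let rejected = false;
  try { loadMailConfig(file); } catch (e) { rejected = true; }
  fs.chmodSync(file, 0o600); // owner-only: accepted
  const cfg = loadMailConfig(file);
  return { rejected, options: imapOptions(cfg), shown: redact(cfg) };
}

console.log(demo());
```

The permission check applies to POSIX file modes; on Windows it is skipped and an ACL check would be needed instead.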
