Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
imap-idle-sender
v1.0.0 · Uses IMAP IDLE to keep a long-lived connection and listen for new mail in real time, then forwards it to a specified Feishu account. Use this skill when you need to: 1) monitor new mail and push notifications in real time, 2) set up a mail push service, or 3) replace polling for new mail.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The code implements an IMAP IDLE listener and sends notifications to Feishu, which matches the skill's stated purpose. However, SKILL.md says the Feishu config is "automatically obtained from openclaw.json", while the script defines hardcoded FEISHU_APP_ID/SECRET/USER_ID placeholders and instructs editing the script to set EMAIL/PASSWORD/FEISHU_USER_ID: a mismatch between the documentation and the implementation.
Instruction Scope
SKILL.md instructs running the included script and editing it to set credentials. The runtime instructions and code read/write the user's OpenClaw workspace (~/.openclaw/workspace/mail_notifications.json) and create a log in the skill directory. The instructions do not require or declare any environment variables; instead they rely on editing the script to place sensitive credentials in plaintext. The SKILL.md claim of auto-reading openclaw.json is not reflected in the shown code, which is an inconsistency and increases risk.
Install Mechanism
This is instruction-only with an included Python script (no installer). The script requires third-party Python packages (imap-tools, bs4) but there is no declared install spec or dependency manifest. The script itself prints a pip suggestion on ImportError, but relying on user pip installs is error-prone and means arbitrary packages will be fetched at runtime if the user follows instructions.
Credentials
No required environment variables or primary credential are declared, yet the script needs sensitive credentials: the user's email address and IMAP authorization code (PASSWORD), and Feishu app_id/app_secret/user_id. Those are expected to be placed directly in the script per SKILL.md instructions. Storing secrets in code is disproportionate and risky; expected safer alternatives (env vars, secure config) are not used. The script contacts Feishu and the IMAP server — network endpoints are consistent with purpose.
Persistence & Privilege
The skill's always flag is false and it does not request system-level privileges. It writes only to its own workspace path and log files. According to the provided files, the skill does not modify other skills or system-wide settings.
What to consider before installing
This skill appears to implement IMAP IDLE → Feishu notifications, but it asks you to embed sensitive credentials directly into the Python file and it has undeclared Python dependencies. Before installing or running:
1) Do not paste real credentials into a file you didn't audit; instead, modify the script to read credentials from a secure place (environment variables or a protected config file) and/or validate that it reads openclaw.json as claimed.
2) Review the full script (including the truncated remainder) to confirm there are no unexpected network endpoints or data exfiltration.
3) Install dependencies in a virtualenv or container rather than system-wide.
4) Restrict file permissions on the script and the notification file.
5) Consider running the skill under a dedicated account or container with limited network access if you must provide real credentials.
If you want, I can: (a) show a safe patch to make the script read credentials from environment variables, (b) scan the rest of the file (provide the truncated part) for additional issues, or (c) suggest a safer deployment pattern (systemd unit + secrets from a key manager).
