Email Usage
v1.0.2使用本地邮件服务器收发我们自己域名的邮件。固定脚本位于 scripts/ 目录,直接执行即可。发送失败或密码遗忘时联系 小爪子。
⭐ 0· 64·0 current·0 all-time
by@axelhu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The scripts implement sending, reading, and creating local mail accounts and the SKILL.md documents how to run them. Requiring docker (to run 'docker exec mailserver ...' in create_email.py) is consistent with the create-account action. Minor inconsistency: _meta.json lists no required binaries while SKILL.md and the script clearly expect docker.
Instruction Scope
Instructions stay within the stated purpose and only tell you to run the provided scripts. However the instructions direct you to pass plaintext passwords on the command line (exposed in process lists and shell history) and assume a specific local setup (container named 'mailserver', IMAP on localhost:1143, SMTP on localhost:587). The send script will attempt authentication and then fallback to unauthenticated send on auth failure — this is functional but can be abused if run on an open SMTP listener.
Install Mechanism
No install spec — instruction-only with bundled scripts. Nothing is downloaded or written by an installer, which is the lowest-risk install pattern.
Credentials
No environment variables or external credentials are requested by the skill manifest. However create_email.py invokes the local Docker CLI and therefore requires access to the Docker socket/daemon. That gives whoever runs these scripts (or an agent that can invoke them) the ability to execute commands inside the 'mailserver' container and, depending on host configuration, broad local privileges. Also, passing passwords on the CLI exposes secrets via process listings and shell history.
Persistence & Privilege
The skill does not request persistent/always-on presence, does not modify other skills or system-wide config, and is user-invocable only. Autonomous invocation is allowed by default but not combined with other alarming privileges.
Assessment
This skill appears to do what it says (create accounts in a local mailserver container, read via IMAP, send via SMTP). Before using it: 1) Verify you trust the skill source (no homepage and unknown owner). 2) Confirm your environment matches the scripts' assumptions (container named 'mailserver', IMAP on 1143, SMTP on 587). 3) Avoid passing passwords on the command line (use an interactive prompt or protected environment variable) because CLI args appear in process lists and shell history. 4) Be aware create_email.py calls 'docker exec' — the account running the script must have Docker access; that implies significant local privileges and potential for executing arbitrary commands in the container. 5) If you plan to let an agent call these scripts autonomously, restrict which agent actions are allowed and audit logs; do not grant broad host-level Docker access to untrusted agents. If any of these assumptions or requirements are unacceptable, do not install the skill or review/modify the scripts to fit your security policies.Like a lobster shell, security has layers — review code before you run it.
latestvk9764dxkmyzhf5382t6wvpxers84w2ms
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📧 Clawdis
Any bindocker