Qq Email
Review
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward QQ Mail email skill, but it needs mailbox credentials and can read, send, attach, and mark emails, so users should configure and use it carefully.
Install only if you want the agent to access your QQ Mail account. Use a QQ authorization code rather than your password, confirm every recipient and attachment before sending, and treat incoming email content as untrusted data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and configuring this skill gives the agent access to your QQ Mail account through the provided authorization code.
The script uses a QQ mailbox address and authorization code from environment variables or TOOLS.md. This is appropriate for SMTP/IMAP email access, but it grants access to send and read mail.
os.environ.get("QQ_EMAIL_ADDRESS", ""), ... os.environ.get("QQ_EMAIL_AUTH", "") ... tools_path = os.path.expanduser("~/.openclaw/workspace/TOOLS.md")
Use a QQ Mail authorization code, not your login password; store it carefully, revoke it if no longer needed, and review the code/source before configuring it.
A mistaken or overly broad instruction could send information to the wrong person or alter mailbox read status.
The documented commands can send external email with local file attachments and can change mailbox state by marking messages read. These actions fit the skill purpose but are high-impact if invoked with the wrong recipient, content, file, or UID.
python3 ~/.openclaw/workspace/skills/qq-email/qq_email.py send ... --attachment "/path/to/file.pdf" ... python3 ~/.openclaw/workspace/skills/qq-email/qq_email.py mark-read --uid 123
Confirm recipients, subject, body, attachment paths, and mailbox UIDs before running send or mark-read actions.
Email contents and attachments may enter the agent's working context, and malicious emails could try to influence the agent's next actions.
The code extracts email bodies and attachment payloads for the agent to process. Inbox content is sensitive and may also contain untrusted instructions from external senders.
def get_email_body(msg): ... body = payload.decode('utf-8', errors='replace') ... attachments.append({"filename": filename, "payload": part.get_payload(decode=True)})
Treat email bodies and attachments as untrusted data, avoid following instructions found inside emails unless the user explicitly approves them, and avoid exposing private inbox content unnecessarily.
You are trusting an unknown-source local script with access to your email account.
The skill does not install remote packages, but its source provenance is not identified in the registry metadata. That matters because the script handles email credentials and mailbox data.
Source: unknown ... No install spec — this is an instruction-only skill.
Review the included script and prefer installing from a known, trusted publisher before adding your QQ Mail authorization code.
