WeCom Mailbox
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill is aligned with sending work email, but it relies on undeclared persistent mailbox credential files, including personal or delegated accounts, so it needs review before use.
Use this skill only with a dedicated work mailbox and after verifying how credentials are stored. Do not keep real mailbox passwords in Base64, avoid personal or delegated accounts unless explicitly approved, and confirm recipients and message content before every send.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could send an unintended email to real recipients.
The skill documents raw SMTP login and message sending. This is expected for an email-sending skill, but outbound email is an externally visible action that should remain user-confirmed.
server.login(SMTP_USER, SMTP_PASSWORD)
server.sendmail(SMTP_USER, ["recipient@example.com"], msg.as_string())
Require explicit confirmation of sender, recipients, subject, body, and any source files before every send.
An agent with access to these files could send mail as a business, delegated, or personal account.
The skill points the agent at local mailbox credential files, including delegated and personal email credentials. This high-impact account access is broader than a single clearly declared dedicated mailbox credential.
Credential file | ~/.openclaw/workspace/memory/sc-email-credentials.enc ... SC delegated mailbox: requires explicit user authorization ... Personal mailbox: ~/.openclaw/workspace/memory/email-credentials.enc
Use a dedicated least-privileged SMTP account, declare required credentials in metadata, avoid personal mailbox credentials, and require per-message authorization.
Mailbox passwords or recipient data could be exposed, reused across tasks, or modified in persistent memory.
Credentials are stored in a persistent workspace memory location, and the documented storage may be reversible Base64 rather than real encryption. The skill also gives a decode command, increasing exposure risk.
Credential location: ~/.openclaw/workspace/memory/sc-email-credentials.enc - Encoding: Base64 or AES encryption - Example decode command: `base64 -d ~/.openclaw/workspace/memory/sc-email-credentials.enc`
Store secrets in a proper secret manager or protected environment variable, do not use Base64 as credential protection, avoid printing decoded credentials, and document retention and access controls.
If a user or agent later obtains a script with this name from elsewhere, that script would need separate review before use.
The skill references a helper script, but the provided artifact set contains only SKILL.md. The helper script's behavior and provenance were not available for review.
python3 scripts/send-email.py --to "xxx@example.com" --subject "主题" --body "内容"
Include any helper script in the reviewed package or remove the example; do not run an unreviewed email-sending script.
