Skill v1.0.0
ClawScan security
QQemail-agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 7:36 AM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's files and instructions match its stated purpose (reading via IMAP and sending via SMTP for QQ Mail); nothing in the package is requesting unrelated credentials, external endpoints, or surprising installs — but it does ask users to provide and store email auth codes locally, which has normal privacy implications.
- Guidance: This skill appears to do what it claims (read/send QQ mail). Before installing/using: (1) Prefer generating an app-specific authorization code (not your QQ login password); (2) Do not paste secrets into public/shared chat history — if you must provide the auth code to an agent, ensure the agent runs locally or that the platform protects chat contents; (3) Restrict permissions of the .env file (e.g., chmod 600) or use a secure OS credential store instead of plaintext; (4) Inspect and run the scripts in an isolated environment (virtualenv/container); (5) Remove or rotate the auth code when no longer needed. If you need the agent to auto-save credentials, only proceed if you trust the runtime environment and storage location.
Review Dimensions
- Purpose & Capability (ok): Name/description (QQ 邮箱收发, i.e. QQ Mail send/receive) align with included scripts (fetch_orders.py reads IMAP, send_email.py sends via SMTP) and declared dependencies (imap-tools, python-dotenv). No unrelated env vars, binaries, or config paths are requested.
- Instruction Scope (note): SKILL.md instructs the agent to collect the user's QQ email and authorization code and write them into a local .env file; the scripts read that .env and perform only mailbox access and email sending. This is within scope, but collecting secrets via chat and persisting them in plaintext is a privacy/security concern (expected for purpose, but worth highlighting).
- Install Mechanism (ok): No install spec — instruction-only plus small Python scripts. Dependencies are standard Python packages from PyPI (imap-tools, python-dotenv). No downloads from arbitrary URLs or archive extraction are present.
- Credentials (note): The skill needs IMAP/SMTP credentials (authorization code) which are proportionate to its purpose. The package does not request other unrelated secrets. However, it encourages the user to paste the authorization code into the chat and to persist it in a plain .env file, which increases risk of credential exposure if the agent/chat logs or disk are not secured.
- Persistence & Privilege (ok): The always field is false and the skill is user-invocable; it does not attempt to modify other skills or system-wide settings. Its persistent effect is limited to creating/reading a local .env in the working directory (normal for this kind of tool).
