Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Outlook Reader
v1.0.0
Automatically connects to Outlook and reads emails with a specified subject; supports searching across folders and downloading or extracting attachments to a specified directory.
by @die0921
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description (read Outlook and download attachments) align with the code and SKILL.md: both show use of the Windows COM interface (win32com) to search messages and save attachments. However, the package does not declare required dependencies (pywin32) or mention that it only works on Windows; the code includes a hard-coded save path (C:\Users\jw0921\Desktop\GF_Bills) which is specific to the developer environment and not appropriate as a default.
Instruction Scope
The SKILL.md instructions are explicit about using Outlook COM to enumerate folders, read messages, save attachments and even extract ZIPs — all within scope. Concerns: (1) it suggests automations that could cause data to be forwarded (e.g., '转发给AI助手', "forward to the AI assistant"), which would expose message contents externally if implemented; (2) it recommends a 'cron' scheduling line, which does not apply on Windows (confusing guidance); (3) recursive folder search and automatic saving/extraction of attachments increase the risk of saving or executing malicious payloads. The instructions give the agent latitude to search all folders and handle attachments, which has privacy implications.
Install Mechanism
No install spec (instruction-only + included script), so nothing is downloaded during install — that lowers installer risk. But the bundled Python script depends on win32com (pywin32) which is not declared; absence of dependency metadata is an incoherence (user may run and encounter errors or manually install packages).
Credentials
The skill requests no environment variables or credentials, which is consistent with local Outlook COM access. That is proportionate. Caveats: (1) the script uses a hard-coded user-specific SAVE_DIR which may leak path information or overwrite user data; (2) SKILL.md suggests forwarding emails to an 'AI assistant' — while not implemented in code, that instruction could lead users to configure forwarding and thus exfiltrate sensitive data.
Persistence & Privilege
Flags show no special privileges (always:false, agent invocation allowed). The skill does not attempt to modify other skills or system-wide settings. The only persistence-like suggestion is scheduling (cron) or Outlook rules discussed in docs — these are user actions, not performed by the skill itself.
What to consider before installing
This skill appears to implement what it claims, but review several points before using:
1) It requires pywin32/win32com and only works on Windows — install pywin32 and run on a Windows machine.
2) Change the hard-coded SAVE_DIR to a safe path you control; do not run it with the developer's path.
3) Avoid auto-forwarding emails to external recipients or an 'AI assistant' — that would expose sensitive mailbox data.
4) Be cautious with automatic extraction of ZIPs or saving attachments — scan saved files with antivirus before opening.
5) If you want scheduled runs on Windows, use Task Scheduler, not cron; the SKILL.md guidance mixes platforms.
6) Consider running first in a controlled environment and inspect outputs; add logging and explicit confirmation before bulk download/extract.
If you need higher assurance, ask the author to (a) declare dependencies, (b) remove hard-coded paths, (c) document exactly what automation will do (no auto-forwarding by default), and (d) optionally add content/type checks and virus scanning for attachments.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97fwzjrd91wjg79t0g5wmhf5983nqhg
