Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Send Email Tool

v2.5.0

Email sending tool. After configuring an SMTP sender, it sends plain-text or HTML email via a script, with support for attachments, CC, and BCC. Triggered when email notifications, reports, or automated emails need to be sent.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name and description (send email via SMTP, HTML, attachments, inline images, templates) match the included script and instructions. No unrelated credentials or services are requested, and the required functionality (keyring, markdown conversion, template rendering, file attachments) is coherent with the stated purpose.
Instruction Scope
Runtime instructions tell the agent/user to run the included send_email.py script, configure SMTP, and manage credentials via keyring. The script and docs explicitly read local files for templates, attachments, and inline images and persist configuration to ~/.send_email_config.json — this is expected for an email tool but means the skill will access any local file paths you supply. The fallback behavior (when keyring is not installed) stores credentials in base64-encoded files in the home directory; that is functionally coherent but weak from a security perspective, since base64 is an encoding rather than encryption and anyone who can read the file recovers the password, so the user should take it into account.
Install Mechanism
There is no automated install spec; this is instruction + script. Dependencies are limited to optional Python packages (keyring, markdown) suggested via pip — no remote downloads or obscure installers are used in the package metadata.
Credentials
The skill requests no environment variables or external API keys, which is proportionate. It does persist configuration and (optionally) credentials locally: preferred storage is the system keyring, but the fallback writes base64-encoded username/password files (~/.send_email_username, ~/.send_email_password) and a JSON config (~/.send_email_config.json). Those files are reversible and should be treated as sensitive; their presence is justified by the feature but carries additional risk.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It will create/update files under the user's home directory (config and backup credential files) which is normal for local CLI tools. Note: the skill can be invoked autonomously (disable-model-invocation is false by default) — combined with the ability to attach/inline arbitrary local files, that increases the impact if an agent were compromised, but this is not itself incoherent with the skill's purpose.
Assessment
This skill appears to do what it says (send SMTP email with templates, attachments, inline images). Before installing or using it, consider the following:
1) Prefer installing and using a real system keyring (pip install keyring) so credentials are not stored in the fallback base64 files; if keyring fallback files (~/.send_email_password, ~/.send_email_username) appear, delete them and re-save the credentials to the keyring.
2) Treat the config file (~/.send_email_config.json) and any backup credential files as sensitive: ensure restrictive file permissions (0o600) and avoid using the skill on multi-user or shared machines.
3) Test with a non-critical email account and use app-specific passwords (e.g., a Gmail App Password) rather than your main account password.
4) Be aware the script will read any local paths you provide (attachments, inline images, template files); do not pass sensitive system files as attachments.
5) If you allow the agent to invoke the skill autonomously, remember that an attacker or misconfigured agent could craft messages that exfiltrate local files; restrict autonomous use or review invocation policies if necessary.
6) If you want stronger protection, review the send_email.py source before use and consider replacing the base64 fallback with proper encryption or forcing keyring-only storage.



