ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

智能邮件分类助手

v1.0.0

智能邮件分类与自动回复。基于规则自动分类邮件,支持回复模板。

0· 27·0 current·0 all-time
by@freedompixels
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md clearly requires IMAP/SMTP access (email address, IMAP password, IMAP server) to read and send mail, but the registry metadata lists no required environment variables or credentials. A skill that operates on a mailbox should explicitly declare the credential inputs and their handling; the omission is an incoherence between stated requirements and the runtime instructions.
!
Instruction Scope
Instructions tell the agent to read the inbox via IMAP and send replies via SMTP, which matches the stated purpose. However the docs are vague about scope controls and user confirmation: commands like "帮我回复所有工作邮件" could lead to mass auto-replies. There are no safeguards described (confirmation prompts, folder/label limits, rate limits, logging, or handling of attachments), so the agent could read/send many messages without clear user consent.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. Nothing is written to disk by an installer because there is no install mechanism declared.
!
Credentials
The skill needs highly sensitive data (IMAP/SMTP credentials) according to SKILL.md, but the registry lists no required env vars or a primary credential. It also doesn't describe whether credentials are temporary, stored, or provided interactively. The lack of declared credential requirements and storage guidance is disproportionate and ambiguous given the sensitivity of mailbox access.
Persistence & Privilege
always is false and the skill does not request persistent system-level privileges in the metadata. There is no indication it would modify other skills or global agent configuration.
What to consider before installing
Before installing or enabling this skill, consider: (1) It will need access to your email account — verify how you will provide credentials (prefer OAuth or an app-specific token) and whether credentials are stored encrypted or not stored at all. (2) Confirm whether the skill will ask before sending replies and whether you can restrict it to a test folder or labels. (3) Ask the publisher for details: where credentials are kept, whether logs or message content leave your system, and how to revoke access. (4) Because the source is 'unknown' and there is no homepage, treat it as higher risk: test on a secondary mailbox first and avoid granting broad access to your primary inbox.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📧 Clawdis
latestvk973x9xj26wwnpqavhtbdjnd09855y2aproductivityvk973x9xj26wwnpqavhtbdjnd09855y2a
27downloads
0stars
1versions
Updated 8h ago
v1.0.0
MIT-0
@freedompixels
latestproductivity
Download

智能邮件分类与自动回复

功能概述

自动分类收件箱邮件,支持基于规则的自动分类和回复模板。

使用方法

分类邮件

帮我分类今天的邮件

查看分类结果

今天有哪些重要邮件?

自动回复

帮我回复所有工作邮件,用标准模板

分类规则

基于发件人地址和主题关键词:

分类规则
工作发件人包含公司域名、主题含"项目/需求/会议"
重要发件人在VIP列表、主题含"紧急/重要"
账单发件人含"bill/invoice/账单"
订阅批量邮件、促销邮件
其他不匹配以上规则的邮件

回复模板

工作邮件回复

您好,

已收到您的邮件,我会尽快处理。

如有紧急事项,请电话联系。

此致
敬礼

账单确认

您好,

账单已收到,将按时处理。

如有疑问请回复此邮件。

谢谢

前置条件

需要配置IMAP账号:

  • 邮箱地址
  • IMAP密码(应用专用密码)
  • IMAP服务器地址

技术实现

  • 使用IMAP协议读取邮件
  • 本地规则引擎分类
  • 使用SMTP发送回复

Comments

Loading comments...