163 Email Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill does what it claims—accesses 163/126/yeah.net email—but it requires sensitive email credentials and can send mail, so users should handle it carefully.
This appears to be a normal email integration for 163/126/yeah.net accounts. Before installing, understand that it can read your inbox and send mail using the configured authorization code. Use a dedicated/revocable mail auth code, protect the ~/.openclaw/email-monitor/.env file, and require explicit confirmation before sending messages or attachments.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent process using this skill with the configured auth code can access the configured mailbox and send email from that account.
The skill requires account credentials for a real email account. This is expected for IMAP/SMTP access, but it grants the agent access to read and send mail.
Credentials in `~/.openclaw/email-monitor/.env` ... `EMAIL_ADDRESS=your@163.com` ... `EMAIL_PASSWORD=your_auth_code`
Use a provider authorization code rather than your login password, keep the .env file private, and revoke the authorization code if you stop using the skill.
A mistaken or overly broad agent action could send an email or attachment to the wrong recipient.
The skill exposes SMTP sending and attachment sending. This is aligned with the email-client purpose, but sending mail or attachments is a high-impact external action.
python3 scripts/mail_client.py send --to recipient@example.com --subject "Hello" --body "Content here" ... --attach /path/to/file.pdf
Review recipient, subject, body, and attachment path before allowing the agent to send email.
Sensitive email text may be shown to the agent, and malicious email content could try to influence the agent's next actions.
The script can place email body content into the agent/user context. Email content is untrusted and may contain sensitive data or instructions aimed at the agent.
body = extract_text_content(email_message) if args.body else "" ... print(f"Preview: {preview}...")
Treat email contents as untrusted input. Do not let the agent follow instructions found inside emails unless the user explicitly approves them.
Users have less external context for deciding whether to trust the publisher or audit history.
The skill has limited provenance information. No suspicious install mechanism is shown, but provenance matters for software that handles email credentials.
Source: unknown; Homepage: none
Install only if you trust the registry publisher and review the included script before adding real email credentials.
