Aliyun Mail
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: aliyun-mail
Version: 1.0.0
The OpenClaw skill is designed to send emails via Aliyun enterprise mail. Its core functionality involves reading user-specified files for email bodies and attachments, and sending them to a user-specified recipient via an SMTP server. While file access and network communication are inherently 'risky capabilities', they are directly aligned with the stated purpose of an email sending tool. There is no evidence of intentional malicious behavior such as unauthorized data exfiltration, persistence mechanisms, or prompt injection attempts against the agent in SKILL.md or README.md. The documentation even provides good security practices for handling credentials.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user selects the wrong attachment or recipient, private local files could be emailed externally.
The tool can read user-specified local files and include them in an outgoing email. This is the advertised attachment feature, but it can transmit private files if invoked with the wrong paths or recipient.
with open(filepath, "rb") as attachment:
    ...
    part.set_payload(attachment.read())
...
server.sendmail(msg['From'], to_email, text)
Review recipients, message content, and attachment paths before sending. Consider using a dedicated directory or allowlist for files that may be attached.
Anyone or any agent process able to use this configured skill may be able to send email through the configured account.
The skill requires SMTP account credentials so it can authenticate and send mail as the configured account. This is expected for an SMTP email-sending skill, but it grants delegated authority over that mailbox.
"username": "your-email@yourdomain.com",
"password": "your-app-password"
Use an app-specific password or dedicated mailbox with limited permissions, keep the config file private, and rotate credentials if the environment is shared or compromised.
A future dependency version change could affect behavior or introduce vulnerabilities.
The documented dependency installation uses unpinned package names. These packages are purpose-aligned for Markdown conversion and highlighting, but unpinned installs can change over time.
pip install markdown pygments
Install dependencies from a trusted package index and consider pinning known-good versions in a controlled environment.
