163 Email Skill - SMTP Sender
v1.2.1163email skill - Send emails via 163 SMTP service with custom recipient, subject, content. Support CLI and Python import
⭐ 0· 19·0 current·0 all-time
bygeekclaw@liubindashen
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required binary (python), and requested env vars (CLAW_EMAIL, CLAW_EMAIL_AUTH) match the declared purpose of sending mail via 163 SMTP. The code implements SMTP_SSL login and sendmail to smtp.163.com as expected. Minor metadata/version mismatch across files (registry 1.2.1 vs SKILL.md and skill.json 1.2.0) but this is a bookkeeping issue, not a security one.
Instruction Scope
SKILL.md only instructs setting the email credentials and running the Python module or CLI. The runtime code uses only standard-library smtplib/email and environment variables; it does not read unrelated files or exfiltrate data to unexpected endpoints. The README and examples suggest editing/setting env vars but do not request extra system access.
Install Mechanism
No install spec (instruction-only install), and included code is pure Python relying on the standard library. This is low-risk compared with remote downloads or package installs.
Credentials
The skill requires two environment variables (CLAW_EMAIL, CLAW_EMAIL_AUTH) which are appropriate for SMTP authentication. SKILL.md also documents optional CLAW_SMTP_SERVER and CLAW_SMTP_PORT (not listed in the manifest env array) — a minor inconsistency but not a security issue. Treat CLAW_EMAIL_AUTH as a secret (SMTP auth code) and provide least-privilege credentials.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It does not modify other skills or system-wide settings. Note: the platform default allows autonomous invocation, but this skill has no extra persistence or elevated privileges.
Assessment
This skill is a small, self-contained SMTP email sender; the requested env vars (your 163 address and SMTP auth code) are appropriate for its function. Before installing: 1) Only use an account you trust the skill with (consider a dedicated throwaway/sender account), 2) Treat CLAW_EMAIL_AUTH as a secret and rotate it if exposed, 3) Review the code (it’s short) to confirm behaviour matches expectations, and 4) Note the package/source has no homepage and an unknown owner — while the code appears legitimate, prefer skills from known sources or run it in an environment with limited privileges. Minor issues: version fields differ slightly across files and SKILL.md references optional env vars not declared in the manifest; these are quality issues, not evidence of malicious behavior.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
Binspython
EnvCLAW_EMAIL, CLAW_EMAIL_AUTH
latest
geekclaw@liubindashen
Download163email Skill - Email Sender
Send emails via 163 SMTP service. Support custom recipient, subject, content. Both CLI and Python module import calling methods are supported.
Features
- Send plain text emails via 163 SMTP
- One-click command line invocation
- Python module import support
- SSL encrypted transmission
- Multiple recipients support
Usage
Method 1: Command Line
python send_email.py "recipient@example.com" "Test Subject" "Email content here"
Method 2: Python Import
from src.send_email import send_mail
send_mail(
to="recipient@example.com",
subject="Test Email",
content="This is the email content"
)
Configuration
Set environment variables before use:
export CLAW_EMAIL="your_163_email@163.com"
export CLAW_EMAIL_AUTH="your_smtp_authorization_code"
export CLAW_SMTP_SERVER="smtp.163.com" # optional
export CLAW_SMTP_PORT="465" # optional
Or use in Python:
import os
os.environ["CLAW_EMAIL"] = "your_email@163.com"
os.environ["CLAW_EMAIL_AUTH"] = "your_auth_code"
Requirements
- Python 3.6+
- No third-party dependencies (uses smtplib, email standard library)
License
MIT
Comments
Loading comments...