163mail

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: 163mail
Version: 1.0.0

The skill bundle provides functional email management for 163.com but contains significant security vulnerabilities and poor practices. Specifically, index.js explicitly disables TLS certificate validation (rejectUnauthorized: false), exposing email credentials and content to Man-in-the-Middle (MitM) attacks. Furthermore, the bundle includes a config.json file containing hardcoded credentials and test scripts (send-email.js, send-word-email.js) that send data to a specific external address (zongxuliang@163.com). While these appear to be unintentional developer oversights rather than intentional malware, the high-risk configuration warrants a suspicious classification.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone installing or inspecting the skill could gain access to that mailbox authorization code, and the agent may use the bundled account by default.

Why it was flagged

The package includes a populated mailbox configuration with authorization-code fields instead of only the documented template.

Skill content

"email": "zong.yz@163.com", "imapPassword": "[redacted]", "smtpPassword": "[redacted]"

Recommendation

Remove config.json from the package, revoke the exposed 163 authorization code, and require each user to provide their own credentials through a secure config path or environment variables.

What this means

If this script is run, it can send an email from the configured account without the user explicitly choosing the recipient or message content.

Why it was flagged

This included standalone script sends a prewritten message to a hardcoded recipient using the configured mailbox, rather than requiring a user-provided recipient and body.

Skill content

skill.utils.sendEmail('zongxuliang@163.com', '好好看下这篇文章', email).then(result => {

Recommendation

Remove hardcoded mail-sending scripts or convert them into documented examples that require explicit user-supplied recipient, subject, body, and confirmation.

Concern
High Confidence
ASI05: Unexpected Code Execution

What this means

Running this file can immediately create and send an attachment from the configured mailbox, even though attachment sending is not part of the documented command set.

Why it was flagged

The file calls its send function at top level, creating a document and sending it as an attachment to a fixed address whenever the script is executed.

Skill content

to: 'zongxuliang@163.com', ... attachments: [{ filename: 'OpenClaw_Introduction.docx', path: filePath }] ... createAndSendWordEmail();

Recommendation

Do not ship self-executing helper scripts that perform account actions; require an explicit command path, user parameters, and confirmation for sending attachments.

What this means

A network attacker could impersonate the mail server more easily and potentially observe mailbox credentials or email contents.

Why it was flagged

The IMAP client disables TLS certificate verification for a credential-bearing connection.

Skill content

tlsOptions: { rejectUnauthorized: false },

Recommendation

Remove rejectUnauthorized: false and rely on normal certificate validation unless the user explicitly configures a trusted certificate exception.