qq-mail-read-send
Advisory
Audited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may fail to use your intended credentials or could send mail from an unexpected QQ account if that hard-coded file exists.
The documented configuration path differs from the sender code's default credential path, and the code authenticates with whichever MAIL_USER and MAIL_PASS are found there.
Configure the secrets file: `~/.openclaw/secrets/mail_qq.env` ... def load_credentials(env_path=r"C:\Users\Administrator\.openclaw\secrets\mail_qq.env")
Change the code to read the declared config path with user expansion, or to use explicit environment variables, and verify the sender account before any email is sent.
A mistaken recipient, subject, body, CC, or BCC could send a real email externally.
The code can authenticate to QQ SMTP and send an email to supplied recipients, which is purpose-aligned but high-impact.
server.login(user, password)
server.send_message(msg)
Use this only after reviewing and confirming the exact recipients and message content.
Private email content may be exposed to the agent, and email body text should not be treated as trusted instructions.
The instructions may fetch multiple emails for local filtering, which can place sensitive and untrusted email contents into the agent's working context.
IMAP search does not support Chinese; use SINCE to fetch all emails, then filter locally
Use narrow date and sender filters, avoid unnecessary email body retrieval, and do not follow instructions contained inside emails unless the user explicitly approves them.
