ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

QQ Mail

v1.0.0

Manage QQ Mail via IMAP/SMTP to read, send (with attachments), search emails by subject/sender/date, and list folders using Python.

1· 1.1k·6 current·6 all-time
byleogao@pdpaer
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (QQ Mail IMAP/SMTP client) align with the included python script and the declared requirement of QQMAIL_AUTH_CODE and python3. The script only implements email read/send/search/folder operations against imap.qq.com and smtp.qq.com — all expected for this purpose.
Instruction Scope
SKILL.md instructions are specific and limited: run the provided Python script with environment variables QQMAIL_USER and QQMAIL_AUTH_CODE, enable IMAP/SMTP in QQ settings, and use the documented commands. The instructions do not ask the agent to read unrelated files or credentials, nor do they transmit data to external endpoints beyond QQ's IMAP/SMTP servers. The script does access local file paths only when the user provides an attachment path (expected).
Install Mechanism
There is no install spec and the code uses only Python standard library modules. No external downloads, package installs, or arbitrary URLs are used. Requiring python3 is proportionate.
Credentials
Only QQMAIL_USER and QQMAIL_AUTH_CODE are read by the script, matching the declared primary credential. No unrelated secrets, config paths, or additional environment variables are requested.
Persistence & Privilege
The skill is not set to always:true and does not attempt to modify other skills or system-wide settings. It runs on-demand and requires explicit environment configuration; autonomous invocation is allowed by platform default but is not combined with other red flags here.
Assessment
This skill appears internally consistent for managing QQ Mail via IMAP/SMTP. Before installing: 1) Verify you trust the skill source/owner sinceHomepage/source is missing — review the included scripts yourself. 2) Only set QQMAIL_AUTH_CODE (the IMAP/SMTP authorization code), not your QQ account password; follow QQ's instructions for generating the授权码. 3) Be cautious when using the send-with-attachment command — it reads local file paths you provide. 4) Prefer running the script in a controlled environment (isolated account or container) and avoid placing the auth code in shared/global environment variables. 5) If you plan to allow autonomous agent invocation, remember that the agent could use your auth code to read/send mail when triggered — enable autonomy only if you trust the skill and its maintainer.

Like a lobster shell, security has layers — review code before you run it.

latestvk976kvyzz7gz26sn8ggta3n0qx8144yp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSWindows · Linux · macOS
Binspython3
Primary envQQMAIL_AUTH_CODE

Comments