QQ Mail
Pass. Audited by ClawScan on May 1, 2026.
Overview
This looks like a straightforward QQ Mail helper, but it gives the agent access to read and send mail when you provide QQ Mail credentials.
Install this only if you want the agent to manage your QQ Mail. Set QQMAIL_USER and QQMAIL_AUTH_CODE securely, review any send or attachment action before it happens, and treat email contents as untrusted external text.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent can access the QQ mailbox associated with the provided credentials and act as that mailbox for supported operations.
The skill requires QQ Mail account identity and an authorization code to access the user's mailbox. This is expected for IMAP/SMTP mail management, but it grants delegated ability to read and send mail.
The skill reads credentials from environment variables:
- `QQMAIL_USER` — QQ email address
- `QQMAIL_AUTH_CODE` — Authorization code
Use a QQ Mail authorization code rather than your password, keep the environment variables private, and revoke the authorization code when you no longer need the skill.
A mistaken or overly broad attachment path could send sensitive local files to someone else.
The send-with-attachment operation reads a user-supplied local file path and attaches its contents to an outgoing email. This is purpose-aligned but can expose local files if the wrong path or recipient is used.
```python
from email.mime.base import MIMEBase

# Reads the user-supplied local path and attaches the raw bytes to the outgoing message.
with open(attachment_path, "rb") as f:
    part = MIMEBase("application", "octet-stream")
    part.set_payload(f.read())
```
Before sending, confirm the recipient, subject, body, and every attachment path; avoid attaching sensitive files unless explicitly intended.
Sensitive email content may appear in the agent context, and malicious email text could try to influence later actions.
The read operation prints full email bodies into the agent-visible output. Email bodies are untrusted external content and may include sensitive information or instructions intended to manipulate the agent.
```python
body = get_email_body(msg)
...
print(body)
```
Treat email contents as data, not instructions; do not follow requests contained in emails unless the user explicitly confirms them.
It may be harder to verify the author's reputation or compare the script against an upstream project.
The registry metadata does not identify an upstream source or homepage. No remote installer or dependency download is shown, so this is a provenance note rather than evidence of malicious behavior.
Source: unknown; Homepage: none
Review the included script before use and prefer installing skills from sources you trust.
