QQ mail manager
Review
Audited by ClawScan on May 13, 2026.
Overview
This skill’s email access, sending, search, attachment, and deletion abilities match its stated QQ Mail management purpose, with visible confirmation guidance for destructive actions.
Install this only if you want the agent to manage your QQ mailbox. Use a QQ IMAP/SMTP authorization code, not your account password, and review confirmations carefully before sending messages or moving/deleting mail.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill gives it the ability to access the configured QQ mailbox with the authorization code.
The skill requires a QQ mailbox address and IMAP/SMTP authorization code, which is expected for QQ Mail access but gives the skill delegated mailbox authority.
Required env vars: QQ_EMAIL, QQ_EMAIL_AUTH_CODE
Use a QQ authorization code rather than your login password, keep it private, and revoke or rotate it if you stop using the skill.
If used incorrectly, the skill could move/delete messages or send email from your QQ account, though the documented workflow requires confirmation first.
The skill can perform high-impact actions such as deleting/moving and sending email, but the instructions explicitly require preview and user confirmation.
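Deleting or moving mail requires a preview first (without `--confirm`) that is shown to the user, and is carried out only after the user explicitly confirms; sending mail requires first showing the recipient, subject, and body summary, and is sent only after confirmation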
Review the preview carefully before confirming deletes, moves, replies, or sends.
Email subjects, senders, recipients, dates, and body previews may be exposed to the agent during semantic search.
Semantic search can pull up to 100 emails from a selected folder and include body previews in the agent context for analysis.
MAX_FETCH = 100 ... "body_preview": extract_body_text(msg)
Use semantic search only when needed and avoid running it over folders containing highly sensitive emails unless you are comfortable sharing those previews with the agent.
A local file could be sent as an email attachment if the agent is instructed to include that path.
The send-mail script can read user-specified local attachment paths and include them in outgoing email, which is normal for email sending but sensitive if the wrong file is selected.
parser.add_argument('--attachments', help='附件路径(多个逗号分隔)') ... with open(filepath, 'rb') as f:
Confirm the recipient and any attachment paths before sending messages with attachments.
