Email

Email management and automation. Send, read, search, and organize emails across multiple providers.

MIT-0 · Free to use, modify, and redistribute. No attribution required.

⭐ 0 · 343 · 2 current installs · 3 all-time installs

by@awspace

MIT-0

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

high confidence

ℹ

Purpose & Capability

The name/description, README, SKILL.md, and email_sender.py are coherent: this is an SMTP email sender supporting attachments, multiple providers, TLS/SSL, and environment/config-file credentials. However, the registry metadata lists no required environment variables or primary credential even though the code expects SMTP credentials (username/password) and other SMTP settings; that mismatch is unexpected and should have been declared.

ℹ

Instruction Scope

Runtime instructions stay within the stated purpose (configure SMTP settings, run the Python script, or call the Python API). They explicitly instruct the user to place credentials in email_config.json or environment variables. The skill can read arbitrary files from the workspace to attach and can be invoked from OpenClaw to send those files — expected for an email tool but also a potential vector to exfiltrate sensitive files if misused.

✓

Install Mechanism

This is instruction-only with included Python source; there is no remote install or binary download. requirements.txt lists no external runtime packages. No high-risk install actions (no downloads from arbitrary URLs or extracted archives) were found.

Credentials

The skill requires sensitive credentials (SMTP username/password) at runtime, and the code reads several environment variables (SMTP_SERVER, SMTP_PORT, EMAIL_USERNAME, EMAIL_PASSWORD, EMAIL_SENDER_NAME, EMAIL_USE_TLS, EMAIL_USE_SSL) — but the registry metadata declares no required env vars or primary credential. Omitting declaration of the primary secret (email password) reduces transparency and is disproportionate to what the registry claims.

Persistence & Privilege

The skill is flagged always: true (force-enabled for every agent/session). Combined with the ability to read arbitrary workspace files for attachments and access SMTP credentials, this persistent presence raises the risk that the skill could be used to exfiltrate files or send data without explicit per-session consent. always: true is unusual for a capability that handles sensitive credentials and file attachments.

What to consider before installing

This email skill appears to implement expected SMTP functionality, but take precautions before installing: (1) do not store real credentials in repos — use environment variables or a secrets manager and rotate app passwords; (2) the registry metadata does not declare the sensitive env vars the code reads (EMAIL_PASSWORD), ask the publisher to correct this before trusting the skill; (3) because always: true is set, prefer disabling always-on or require explicit enabling so the skill cannot be invoked by default across agents; (4) review the email_sender.py source yourself (it’s included) and test using a dedicated, limited-permission email account to reduce blast radius; and (5) avoid granting the skill access to directories with sensitive files — attachments can include any workspace file and could be used to exfiltrate secrets.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.0

Download zip

latestvk979t6y4w9th358n1e70az8pt181zsnf

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis

Binspython3

SKILL.md

Email 📧

Email management and automation with attachment support.

Features

Send emails with attachments
Support for multiple email providers (Gmail, Outlook, Yahoo, etc.)
HTML and plain text email support
CC and BCC recipients
Test email functionality
Secure TLS/SSL connections

Setup Instructions

1. Configure Email Credentials

Create a configuration file email_config.json in your workspace:

{
  "smtp_server": "smtp.gmail.com",
  "smtp_port": 587,
  "username": "your-email@gmail.com",
  "password": "your-app-password",
  "sender_name": "OpenClaw Assistant",
  "use_tls": true,
  "use_ssl": false
}

2. For Gmail Users (Recommended)

Enable 2-factor authentication on your Google account
Generate an App Password:
- Go to https://myaccount.google.com/security
- Under "Signing in to Google," select "App passwords"
- Generate a new app password for "Mail"
- Use this 16-character password in your config

3. Alternative: Environment Variables

Set these environment variables instead of using a config file:

# Windows
set SMTP_SERVER=smtp.gmail.com
set SMTP_PORT=587
set EMAIL_USERNAME=your-email@gmail.com
set EMAIL_PASSWORD=your-app-password
set EMAIL_SENDER_NAME="OpenClaw Assistant"

# macOS/Linux
export SMTP_SERVER=smtp.gmail.com
export SMTP_PORT=587
export EMAIL_USERNAME=your-email@gmail.com
export EMAIL_PASSWORD=your-app-password
export EMAIL_SENDER_NAME="OpenClaw Assistant"

Usage Examples

Send a Simple Email

python email_sender.py --to "recipient@example.com" --subject "Hello" --body "This is a test email"

Send Email with Attachment

python email_sender.py --to "recipient@example.com" --subject "Report" --body "Please find attached" --attachment "report.pdf" --attachment "data.xlsx"

Send Test Email

python email_sender.py --to "your-email@gmail.com" --test

Using with OpenClaw Commands

"Send email to recipient@example.com with subject Meeting Notes and body Here are the notes from today's meeting"
"Send test email to verify configuration"
"Email the report.pdf file to team@company.com"

Supported Email Providers

Provider	SMTP Server	Port	TLS
Gmail	smtp.gmail.com	587	Yes
Outlook/Office365	smtp.office365.com	587	Yes
Yahoo	smtp.mail.yahoo.com	587	Yes
QQ Mail	smtp.qq.com	587	Yes
Custom SMTP	your.smtp.server.com	587/465	As configured

Python API Usage

from email_sender import EmailSender

# Initialize with config file
sender = EmailSender("email_config.json")

# Send email with attachment
result = sender.send_email(
    to_email="recipient@example.com",
    subject="Important Document",
    body="Please review the attached document.",
    attachments=["document.pdf", "data.csv"]
)

if result["success"]:
    print(f"Email sent with {result['attachments']} attachments")
else:
    print(f"Error: {result['error']}")

Troubleshooting

Common Issues:

Authentication Failed
- Verify your username and password
- For Gmail: Use app password instead of regular password
- Check if 2FA is enabled
Connection Refused
- Verify SMTP server and port
- Check firewall settings
- Try different port (465 for SSL)
Attachment Too Large
- Most providers limit attachments to 25MB
- Consider compressing files or using cloud storage links

Security Notes

Never commit email credentials to version control
Use environment variables for production deployments
Regularly rotate app passwords
Consider using dedicated email accounts for automation

Files

6 total

Select a file

Select a file to preview.

Comments

Loading comments…