ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

imap-idle-sender

v1.0.0

使用 IMAP IDLE 保持长连接实时监听新邮件,并发送给指定飞书账号。当需要:1)监听新邮件并实时推送通知,2)建立邮件推送服务,3)替代轮询检查新邮件时使用此 skill。

1· 191·0 current·0 all-time
by@apple133junjiang-a11y

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for apple133junjiang-a11y/imap-idle-sender.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "imap-idle-sender" (apple133junjiang-a11y/imap-idle-sender) from ClawHub.
Skill page: https://clawhub.ai/apple133junjiang-a11y/imap-idle-sender
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install imap-idle-sender

ClawHub CLI

Package manager switcher

npx clawhub@latest install imap-idle-sender
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The code implements an IMAP IDLE listener and sends notifications to Feishu, which matches the skill's stated purpose. However SKILL.md says Feishu config is "从 openclaw.json 自动获取" while the script defines hardcoded FEISHU_APP_ID/SECRET/USER_ID placeholders and instructs editing the script to set EMAIL/PASSWORD/FEISHU_USER_ID — a mismatch between the documentation and implementation.
!
Instruction Scope
SKILL.md instructs running the included script and editing it to set credentials. The runtime instructions and code read/write the user's OpenClaw workspace (~/.openclaw/workspace/mail_notifications.json) and create a log in the skill directory. The instructions do not require or declare any environment variables; instead they rely on editing the script to place sensitive credentials in plaintext. The SKILL.md claim of auto-reading openclaw.json is not reflected in the shown code, which is an inconsistency and increases risk.
Install Mechanism
This is instruction-only with an included Python script (no installer). The script requires third-party Python packages (imap-tools, bs4) but there is no declared install spec or dependency manifest. The script itself prints a pip suggestion on ImportError, but relying on user pip installs is error-prone and means arbitrary packages will be fetched at runtime if the user follows instructions.
!
Credentials
No required environment variables or primary credential are declared, yet the script needs sensitive credentials: the user's email address and IMAP authorization code (PASSWORD), and Feishu app_id/app_secret/user_id. Those are expected to be placed directly in the script per SKILL.md instructions. Storing secrets in code is disproportionate and risky; expected safer alternatives (env vars, secure config) are not used. The script contacts Feishu and the IMAP server — network endpoints are consistent with purpose.
Persistence & Privilege
always is false and the skill does not request system-level privileges. It writes to its own workspace path and log files only. The skill does not modify other skills or system-wide settings according to provided files.
What to consider before installing
This skill appears to implement IMAP IDLE → Feishu notifications, but it asks you to embed sensitive credentials directly into the Python file and it has undeclared Python dependencies. Before installing or running: 1) do not paste real credentials into a file you didn't audit — instead modify the script to read credentials from a secure place (environment variables or a protected config file) and/or validate that it reads openclaw.json as claimed; 2) review the full script (including the truncated remainder) to confirm no unexpected network endpoints or data exfiltration; 3) install dependencies in a virtualenv or container rather than system-wide; 4) restrict file permissions on the script and notification file; 5) consider running the skill under a dedicated account or container with limited network access if you must provide real credentials. If you want, I can: (a) show a safe patch to make the script read credentials from environment variables, (b) scan the rest of the file (provide the truncated part) for additional issues, or (c) suggest a safer deployment pattern (systemd unit + secrets from a key manager).

Like a lobster shell, security has layers — review code before you run it.

latestvk973nb9emsfw4kjr60xqz8qmrd832bpg
191downloads
1stars
1versions
Updated 11h ago
v1.0.0
MIT-0
@apple133junjiang-a11y
latest
Download

IMAP IDLE 邮件监听

使用 IMAP IDLE 模式保持长连接,实时接收服务器推送的新邮件通知。

快速开始

1. 运行监听脚本

python ~/.openclaw/skills/imap-idle/scripts/imap_idle.py

脚本会在后台保持运行,收到新邮件时:

  • 控制台打印通知
  • 写入通知文件:~/.openclaw/workspace/mail_notifications.json

2. 配置自启动(可选)

使用 OpenClaw cron 定时检查通知文件,或配置系统服务开机启动。

配置修改

如需修改邮箱配置,编辑 scripts/imap_idle.py

IMAP_SERVER = "imap.qq.com"  # IMAP 服务器
IMAP_PORT = 993               # 端口
EMAIL = "你的邮箱@qq.com"      # 邮箱账号
PASSWORD = "你的授权码"        # 授权码

支持的邮箱

  • QQ 邮箱 ✓
  • Gmail(需使用 App Password)
  • Outlook
  • 其他支持 IMAP IDLE 的邮箱

通知文件格式

mail_notifications.json 内容示例:

[
  {
    "subject": "邮件主题",
    "from": {
      "name": "发件人姓名",
      "email": "from@example.com"
    },
    "date": "Thu, 26 Feb 2026 10:30:00 +0800",
    "received_at": "2026-02-26T10:30:00"
  }
]

与飞书集成

新邮件到达时自动发送飞书通知(卡片消息):

  • 📧 显示发件人姓名和邮箱
  • 📝 显示邮件主题
  • 📄 显示邮件摘要(前200字)

飞书配置(从 openclaw.json 自动获取):

  • 发送给用户 飞书ID: ou_febxxxxxxxxxxxxxxxx

如需修改接收人,编辑 scripts/imap_idle.py 中的 FEISHU_USER_ID

注意事项

  • 需要邮箱开启 IMAP 服务
  • QQ/Gmail 等需要使用授权码而非登录密码
  • IDLE 超时后会自动重连

Comments

Loading comments...