Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Qq Mail Monitor

v1.0.0

QQ Mail automatic monitoring skill: supports scheduled checks for new mail, TTS voice announcement reminders, and sending/receiving mail. Suitable for mail notifications, verification-code extraction, auto-reply and similar scenarios.

Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)

Purpose & Capability
Name/description match the included scripts (IMAP check, SMTP send, TTS/notification). However the package declares no required environment variables or credentials even though the scripts require an email address and a 16-char authorization code. PUBLISH.md recommends using environment variables, but the actual scripts expect the developer/user to edit Python variables in-place. That mismatch is disproportionate and confusing.
Instruction Scope
SKILL.md tells the user to edit the scripts to set EMAIL and AUTH_CODE and to run/cron the scripts — which is consistent with an install-less script package — but it also promises assistant-level commands like '暂停邮件监控'/'恢复邮件监控' ('pause mail monitoring'/'resume mail monitoring') without any implementation hooks. The scripts print the full email subject/from and return JSON; printing email contents to stdout may expose sensitive content to logs or the hosting platform. Instructions rely on manual edits rather than secure secret handling.
Install Mechanism
No install spec and requirements.txt lists only standard-library modules. No remote downloads or package installs are requested, so there is low install-time risk. This is an instruction+script package — risk comes from runtime credential handling, not installation.
Credentials
The skill requires sensitive credentials (QQ email and an IMAP/SMTP auth code) to function, but requires.env and primary credential fields are empty. The code uses plain variables EMAIL/AUTH_CODE (placeholders) inside all scripts rather than reading declared env vars, encouraging users to hard-code secrets. That is disproportionate and increases the chance of accidental credential exposure.
Persistence & Privilege
The scripts write state to an absolute path: /Users/qin/.openclaw/workspace/.mail_state.json (in qq_mail_auto_check.py and qq_mail_monitor.py). That path is user-specific, non-portable, and indicates the script will create/modify files outside the skill directory; this unexpected filesystem footprint is a legitimate concern. The skill is not always-enabled and does not modify other skills, but the state file behavior should be corrected.
What to consider before installing
This skill largely does what it says (checks QQ IMAP, sends via SMTP), but take these precautions before installing or running it:

1) Do NOT hard-code your QQ auth code into the scripts. Replace the EMAIL/AUTH_CODE variables with secure environment variables (os.getenv) or a protected secrets store.
2) Change the STATE_FILE path to a location inside the skill's data directory (or configurable via env var) so it won't write to someone else's absolute path (/Users/qin/...).
3) Remember outputs (stdout/cron logs) include email subject/from — treat logs as sensitive and avoid exposing them to untrusted services.
4) Verify cron/task integration and that the runtime environment can reach imap.qq.com/smtp.qq.com.
5) If you need assistant-level pause/resume functionality, inspect or implement the control hooks — they are not present by default.

If these inconsistencies worry you or you cannot modify the code, prefer a skill that declares required credentials and reads them from env vars rather than editing files.
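Precautions 1 to 3 above can be applied in one small module that the skill's scripts import instead of editing EMAIL/AUTH_CODE in place. This is an added example, not code from the skill or from ClawHub; the environment variable names QQ_MAIL_EMAIL, QQ_MAIL_AUTH_CODE and QQ_MAIL_STATE_FILE are assumed names, not ones the skill declares.

```python
import os
from pathlib import Path

# Assumed variable names (the skill itself declares none):
ENV_EMAIL = "QQ_MAIL_EMAIL"
ENV_AUTH_CODE = "QQ_MAIL_AUTH_CODE"
ENV_STATE_FILE = "QQ_MAIL_STATE_FILE"
AUTH_CODE_LEN = 16  # the scan report says the IMAP/SMTP auth code is 16 characters


def missing_credentials(env=None):
    """Return the names of required variables that are unset or blank."""
    env = os.environ if env is None else env
    return [k for k in (ENV_EMAIL, ENV_AUTH_CODE) if not env.get(k, "").strip()]


def load_credentials(env=None):
    """Return (email, auth_code) read from the environment rather than from
    placeholder variables inside the script. All missing names are reported
    in one error so the script never runs with a placeholder secret."""
    env = os.environ if env is None else env
    missing = missing_credentials(env)
    if missing:
        raise RuntimeError("set required environment variables: " + ", ".join(missing))
    auth_code = env[ENV_AUTH_CODE].strip()
    if len(auth_code) != AUTH_CODE_LEN:
        raise RuntimeError(f"{ENV_AUTH_CODE} must be {AUTH_CODE_LEN} characters")
    return env[ENV_EMAIL].strip(), auth_code


def state_file_path(skill_dir, env=None):
    """Resolve the monitor's state file: an explicit env override wins,
    otherwise <skill_dir>/data/.mail_state.json. No user-specific absolute
    path (such as /Users/qin/...) is baked into the code."""
    env = os.environ if env is None else env
    override = env.get(ENV_STATE_FILE, "").strip()
    if override:
        return Path(override).expanduser().resolve()
    return (Path(skill_dir) / "data" / ".mail_state.json").resolve()


def redact_address(addr):
    """Mask the local part of a sender address before it is printed to
    stdout or cron logs, e.g. 'someone@qq.com' -> 's*****e@qq.com'."""
    local, sep, domain = addr.partition("@")
    if not sep or len(local) < 3:
        return "***" + sep + domain
    return local[0] + "*" * (len(local) - 2) + local[-1] + "@" + domain
```

In the scripts, `email, code = load_credentials()` and `STATE_FILE = state_file_path(Path(__file__).parent)` replace the in-file placeholders, and `redact_address(sender)` is used in any print or JSON output that reaches logs.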


License

MIT-0
Free to use, modify, and redistribute. No attribution required.