126 邮箱管理 Skill
v1.0.0126.com 网易邮箱管理 CLI。支持收取/发送邮件、搜索邮件、邮件管理和邮件统计。 当用户提到邮件、邮箱、email、发邮件、收邮件、查邮件、126邮箱时触发。 支持其它 skill 和定时任务调用,所有命令输出 JSON 格式。
⭐ 0· 64·0 current·0 all-time
byPhal studio@slamw
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (126.com email management) align with the included script and SKILL.md. The code talks to imap.126.com and smtp.126.com and stores a local config file; there are no unrelated environment variables, binaries, or external services required.
Instruction Scope
SKILL.md instructs the agent to run the provided Python script with explicit commands for init/config/inbox/send/manage/stats/download. The instructions only reference the local config path (~/mail126_data/config.json) and 126 mail servers. They do not ask the agent to read unrelated files, environment variables, or transmit data to unexpected endpoints.
Install Mechanism
There is no install spec and the skill is instruction+script only. No packages or remote downloads are performed; the script uses only Python standard library. Risk from install mechanics is low.
Credentials
The skill does not request external environment credentials but does require the user's 126 'authorization code' (app-specific password) which it saves in ~/mail126_data/config.json. The code stores the auth_code Base64-encoded (not encrypted) — Base64 is reversible, so treat the file as sensitive. No other unrelated secrets are requested.
Persistence & Privilege
always:false (default) and the skill does not modify other skills or system-wide settings. It stores its own config under the user's home directory only. Autonomous invocation is allowed but is the platform default and not itself a red flag here.
Assessment
This skill appears coherent for managing a 126.com mailbox: it runs a local Python script that connects only to imap.126.com/smtp.126.com and stores config at ~/mail126_data/config.json. Before installing: (1) review the script yourself if possible (it's pure Python standard library); (2) be aware the 'auth_code' is stored Base64-encoded (readable) — use an app-specific authorization code rather than your account password and protect the config file permissions; (3) consider running in a user account or environment where local files are protected; (4) if you allow autonomous agent invocation, remember the agent could send/receive mail using the stored auth_code — only enable that if you trust the agent's behavior. If you want stronger protection, modify the script to encrypt the auth_code or rely on a secure secret store instead of plain Base64.Like a lobster shell, security has layers — review code before you run it.
latestvk975mph4f6rdesyw6yy1kwezan84nkpg
License
MIT-0
Free to use, modify, and redistribute. No attribution required.