ClawHub

Yandex 360 CLI (Disk, Calendar, Mail)

v1.1.0

CLI tool for Yandex Disk, Calendar, and Mail via Yandex OAuth API

3· 326·0 current·0 all-time
byAlex@smvlx
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the code and instructions: requires node, uses Yandex OAuth endpoints, implements Disk (cloud-api), CalDAV (caldav.yandex.ru), and limited mail notes. Nothing requested (binaries, endpoints) appears unrelated to a Yandex CLI.
Instruction Scope
SKILL.md instructs creating a Yandex OAuth app, storing Client ID/optional secret in ~/.openclaw/yax.env, running an auth flow, and using the CLI commands. Runtime instructions and code only read/write the declared config/token files and call Yandex API endpoints; they do not attempt to access unrelated system paths or exfiltrate data to unknown hosts.
Install Mechanism
No install spec; instruction-only with included node script files. No downloads from arbitrary URLs or extraction of remote archives. Requiring 'node' is proportionate.
Credentials
Declared primaryEnv is YAX_CLIENT_ID (correct). The SKILL.md and code also reference an optional YAX_CLIENT_SECRET saved to ~/.openclaw/yax.env; the secret is optional and not listed as required in metadata—this is plausible but worth noting. The skill writes a token file to ~/.openclaw/yax-token.json (expected for OAuth tokens).
Persistence & Privilege
always:false (no forced inclusion). The skill stores an OAuth token in the user's home directory (normal for CLI tools). It does not modify other skills or system-wide configs.
Assessment
This skill appears to do exactly what it says: a small Node CLI that uses Yandex OAuth and writes a token to ~/.openclaw/yax-token.json. Before installing: (1) confirm you trust the package source (registry metadata lists no homepage while SKILL.md includes a GitHub link), (2) create a Yandex OAuth app and use a dedicated Client ID/secret (don't reuse high-privilege credentials), (3) verify the environment file path (~/.openclaw/yax.env) and token file permissions (they are created with 0600 in code), and (4) be aware mail support is informational only (IMAP/SMTP require network ports that may be blocked). If you need higher assurance, review the full src/yax.cjs contents locally or run the tool in a restricted environment before granting it access to real credentials.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

📁 Clawdis
OSmacOS · Linux
Binsnode
EnvYAX_CLIENT_ID
Primary envYAX_CLIENT_ID
latestvk97f5t2xkt83c7f9zhzpb74rgh82d5xg
326downloads
3stars
2versions
Updated 1mo ago
v1.1.0
MIT-0
macOS, Linux
Alex@smvlx
latest
Download

yax — Yandex 360 CLI

CLI tool for Yandex Disk, Calendar, and Mail via Yandex OAuth API.

Features

  • Disk: info, list, mkdir, upload, download
  • Calendar: list calendars, create events (via CalDAV)
  • Mail: ⚠️ Limited — Yandex has no public HTTP API for mail (IMAP/SMTP only, ports often blocked in cloud)

Prerequisites

  1. Create a Yandex OAuth app at https://oauth.yandex.ru/client/new

    • Redirect URI: https://oauth.yandex.ru/verification_code
    • Required scopes:
      • cloud_api:disk.app_folder — Disk app folder access
      • cloud_api:disk.info — Disk info
      • calendar:all — Calendar read/write
      • mail:smtp — Mail sending (SMTP only, no HTTP API)
    • Note the Client ID and Client Secret

  2. Save config to ~/.openclaw/yax.env:

    YAX_CLIENT_ID=your_app_client_id
YAX_CLIENT_SECRET=your_app_secret_if_any

Setup & Auth

scripts/setup.sh        # Create env template
node src/yax.cjs auth   # OAuth flow (opens browser URL, paste code)

Usage

# Disk
node src/yax.cjs disk info
node src/yax.cjs disk list /
node src/yax.cjs disk mkdir /test-folder
node src/yax.cjs disk upload ./local-file.txt /remote-path.txt
node src/yax.cjs disk download /remote-path.txt ./local-file.txt

# Calendar
node src/yax.cjs calendar list
node src/yax.cjs calendar create "Meeting" "2026-02-14" "11:00:00" "12:00:00" "Holiday meeting" "Europe/Moscow"

# Mail (informational only)
node src/yax.cjs mail

Implementation Details

  • Calendar: Uses raw CalDAV HTTP requests to caldav.yandex.ru. Automatically discovers user login via OAuth info endpoint and calendar paths via PROPFIND. Supports timezone-aware event creation. No external dependencies.
  • Mail: Yandex does not offer a public REST/HTTP API for mail operations. Only IMAP/SMTP is available, which requires direct TCP connections on ports 993/465 — typically blocked in cloud environments (Railway, etc.). The Yandex 360 Admin API exists for organization accounts but is not suitable for personal use.

Scripts

  • scripts/setup.sh — Create env template
  • scripts/start.sh — N/A (CLI tool, not a daemon)
  • scripts/stop.sh — N/A
  • scripts/status.sh — Check auth status

Comments

Loading comments...