Email IMAP/SMTP
v0.1.0Connect to mainstream email providers and perform reliable send/receive workflows through IMAP and SMTP with password or OAuth2 authentication. Use when a us...
⭐ 0· 194·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (IMAP/SMTP mailbox access) matches the included script and SKILL.md which require IMAP/SMTP host info and either password or OAuth2 credentials. One inconsistency: registry metadata lists no required env vars or primary credential, while SKILL.md and the script explicitly read many EMAIL_* environment variables (credentials and endpoints). This is likely an omission in registry metadata but worth noting.
Instruction Scope
SKILL.md confines actions to mailbox operations (connect, list/search/read/send, build auth URL, refresh token). It explicitly tells the agent to load credentials from env vars and avoid printing secrets. There are no instructions to read unrelated system files, other skills' configs, or to send data to arbitrary external hosts beyond standard OAuth/token endpoints and mail servers.
Install Mechanism
No install spec (instruction-only), and the included Python script runs locally. No downloads or external installers are involved, so installation risk is low. The presence of a code file is expected for this kind of skill.
Credentials
The skill requests many sensitive environment variables (email address, app password or client secret/refresh token/access token). Those are proportionate to performing IMAP/SMTP and OAuth flows. However, the registry metadata does not declare these env vars, creating a transparency gap the user should be aware of.
Persistence & Privilege
The skill is not forced-always and does not request system-wide config changes. It does not claim or appear to modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but not combined with other concerning privileges.
Assessment
This skill appears to be what it claims: a local Python tool for IMAP/SMTP with support for password or OAuth2. Before installing or running it: (1) review scripts/email_ops.py yourself (it will talk to mail servers and OAuth token endpoints); (2) provide only least-privilege credentials — prefer app passwords or an OAuth client with minimal scopes and a refresh token you can revoke; (3) do not paste production account passwords or long-lived secrets into public repos; (4) run in an environment you control (or use throwaway/test accounts) if you are unsure; and (5) note the registry metadata omission — the SKILL.md reads many EMAIL_* env vars, so expect to supply those when using the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk978yc15bhqqjah4wp1aw764kh82rty9
License
MIT-0
Free to use, modify, and redistribute. No attribution required.