ClawHub

UniProfit Mail Assistant

v1.0.0

Send emails through the UniProfit OpenClaw-compatible API with a user-created `mail_send` API key. Use when Codex or OpenClaw needs to deliver an already-app...

0· 95·0 current·0 all-time
by@xieziqing
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared env vars (UNIPROFIT_API_BASE_URL, UNIPROFIT_MAIL_SEND_KEY), required binary (python), SKILL.md protocol, and the two scripts all align with a mail-sending integration for UniProfit. Nothing requested appears unrelated to the stated purpose.
Instruction Scope
SKILL.md prescribes only three UniProfit endpoints (/openclaw/credential/me, /openclaw/mail/account/list, /openclaw/mail/send). The execution checklist and input requirements limit actions to listing accounts, selecting a sender, validating fields, and posting the send request. The scripts only read the declared env vars and call those endpoints; they do not access other system files or unrelated env vars.
Install Mechanism
No install spec (instruction-only) and only requires an existing python binary. No downloads or archive extraction are performed, and included scripts are small and readable.
Credentials
Only two environment variables are required and both are directly relevant to the mail-sending purpose. The skill does not request additional credentials or configuration paths. The primary credential in agents/openai.yaml is the mail send key, which matches purpose.
Persistence & Privilege
always is false and the skill does not request persistent system-wide changes or modify other skills. It can be invoked autonomously (platform default), which is expected for a delivery skill; nothing in the package attempts to escalate privilege or persist beyond its intended scope.
Assessment
This package appears coherent and implements only the declared UniProfit mail API calls. Before installing: 1) Verify UNIPROFIT_API_BASE_URL points to a trusted UniProfit endpoint you control (a malicious base URL could receive the API key and request bodies). 2) Use a scoped mail_send key with minimal privileges and rotate it if you suspect exposure. 3) Confirm recipients and final body are approved before sending (the skill will deliver real email). 4) If you want extra assurance, review the two included Python scripts and the SKILL.md; they are short and straightforward. If you do not trust the provided base URL or key, do not set the environment variables.

Like a lobster shell, security has layers — review code before you run it.

latestvk9785c391v56jbdzan0qe0bt2x84hsxd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

✉️ Clawdis
Binspython
EnvUNIPROFIT_API_BASE_URL, UNIPROFIT_MAIL_SEND_KEY

Comments