ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Intelligent Email Automation

邮件自动化,发送/接收/分析。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 71 · 0 current installs · 0 all-time installs
by@yang1002378395-cmyk
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The name/description claim an email automation system, which reasonably requires SMTP/IMAP credentials and a Python runtime. However the skill declares no required binaries or environment variables. The SKILL.md instructs using git, pip and python and expects an external service to run, so the declared metadata is incomplete and inconsistent with the stated purpose.
!
Instruction Scope
The runtime instructions tell the user/agent to git clone a GitHub repository and run pip install and python app.py. That directs the agent to download and execute arbitrary third-party code. The instructions do not specify what configuration/credentials are required, where secrets should go, or what network exposure the app will have.
!
Install Mechanism
There is no formal install spec; instead SKILL.md instructs cloning a GitHub repo and running it. That effectively downloads and executes code from an external source at runtime — higher-risk behavior that should list and verify the origin, specify versions, and declare binaries and packages required.
!
Credentials
The skill declares no required env vars or credentials even though an email automation service normally needs SMTP/IMAP credentials, API keys, and possibly tracking/webhook endpoints. Absence of declared secrets while instructing to run external code is a mismatch and raises the possibility of hidden credential handling or exfiltration paths.
Persistence & Privilege
The skill is not marked always:true and is user-invocable (normal). It does instruct starting a server (python app.py) which could open ports or run background services, but the skill metadata does not request persistent privileges or modify other skills. Still, running an external app increases potential attack surface.
What to consider before installing
This skill is suspicious because its metadata omits required binaries and credentials while its instructions ask you to clone and run an external GitHub project. Before installing or running it: (1) review the GitHub repository contents and commit history to ensure code is trustworthy; (2) confirm which environment variables or config files are required (SMTP/IMAP credentials, API keys, database config) and avoid placing secrets in shared agent environments; (3) run the code in an isolated sandbox or container, not on a production host; (4) prefer an install spec that pins versions and uses signed releases; and (5) if you don't trust the repo or cannot inspect it, do not run git clone && pip install as instructed. Additional useful info to change this assessment: a verified repository URL, a pinned release/tag, a requirements list of needed env vars, or a packaged install with checksums/signatures.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97b6vjkmsna2mr9fkvmrdzxcn836h40

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis

SKILL.md

AI 智能邮件自动化系统

描述

邮件自动化,发送/接收/分析。

功能

  • 批量发送(邮件群发)
  • 自动回复(智能回复)
  • 邮件分类(自动分类)
  • 邮件追踪(已读/点击)
  • 模板管理(模板库)

定价

  • 基础版:¥49/月(500 封/月)
  • 专业版:¥199/月(5000 封/月)
  • 企业版:¥799/月(无限封)

适用场景

  • 邮件营销
  • 客户通知
  • 自动回复
  • 邮件管理

技术栈

  • Python + FastAPI
  • SMTP/IMAP
  • 模板引擎
  • 追踪系统

安装

git clone https://github.com/openclaw-skills/ai-intelligent-email-automation
cd ai-intelligent-email-automation
pip install -r requirements.txt
python app.py

创建:2026-03-13 作者:OpenClaw Skills Team

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…