qq-mail-reader
v1.0.5读取QQ邮箱邮件。使用IMAP协议连接QQ邮箱,支持多种编码解析。触发场景:用户要求查看邮箱、读取邮件、查看最近邮件、筛选特定邮件等。
⭐ 0· 269·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill is described as an IMAP-based QQ mailbox reader and requires MAIL_USER and MAIL_PASS plus a secrets file in ~/.openclaw/secrets/mail_qq.env. These requirements align with needing an email address and an IMAP authorization code to log in to imap.qq.com.
Instruction Scope
SKILL.md contains concrete Python IMAP usage and parsing/decoding routines that stay within the stated scope (connect, search, decode, extract body, filter). It does not instruct reading unrelated system files or contacting external endpoints beyond the IMAP server. It does instruct storing credentials in a local secrets file (expected for this use).
Install Mechanism
This is an instruction-only skill with no install spec and no code files. No packages or remote downloads are requested, so there is minimal install risk.
Credentials
Requesting MAIL_USER and MAIL_PASS (QQ IMAP authorization code) is proportionate to reading email, but these are highly sensitive credentials. The metadata also points to a specific local secrets file path. This is expected for an email reader, but users should treat the auth code as sensitive, store it with correct permissions (as the doc suggests), and only provide it to trusted agents.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or modify other skills or system-wide agent settings. It only references its own secrets file and runtime env.
Assessment
This skill legitimately needs an email address and an IMAP authorization code to read your QQ mailbox. Before installing: (1) only provide an app-specific QQ IMAP authorization code (not your account password); (2) store the code in the indicated secrets file with strict permissions (chmod 600) and avoid committing it to source control; (3) be aware the skill will read email contents — only install if you trust the skill and the agent runtime; (4) prefer short-lived/rotated credentials when possible and monitor account activity; (5) if you need stronger isolation, consider running mailbox access in a separate environment or using a dedicated read-only mailbox.Like a lobster shell, security has layers — review code before you run it.
latestvk973y1d3gqcrxhkyyzjs1c88vn8391dk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
📧 Clawdis
EnvMAIL_USER, MAIL_PASS
Config~/.openclaw/secrets/mail_qq.env