Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
work-mail-notifier
v2.0.0 · QQ mailbox work email monitoring and mark-as-read. Triggered when the user mentions work email notifications, a daily mail digest, new mail alerts, or needs mail marked as read.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The scripts' purpose (monitor a QQ mailbox and mark messages read) matches the skill description, but the skill metadata declares no required binaries or config paths, while the code depends on the 'himalaya' CLI and reads/writes files under /home/ubuntu/.openclaw/workspace/data. Requiring a local mail client and a specific home path is expected for this purpose, but the metadata omission is an inconsistency that affects install and permission expectations.
Instruction Scope
The SKILL.md instructs running the included Python scripts, which only call the local 'himalaya' CLI and read/write local state files. The instructions do not request any external network endpoints or environment variables, and the scripts do not exfiltrate data. However, SKILL.md does not document the required himalaya binary or the dependency on the Python package html2text, nor does it document the absolute filesystem paths used, so the operational scope is under-documented.
Install Mechanism
There is no install spec (the skill is instruction-only with bundled scripts). No third-party downloads or archive extraction are performed. This lowers install risk, but it also means the skill relies on the runtime environment already having the required tools (himalaya, Python packages).
Credentials
The skill requests no declared credentials, but it implicitly relies on the local himalaya account configuration (which contains mailbox credentials) and reads/writes state files under /home/ubuntu/.openclaw/workspace/data. Implicit access to the user's mail client configuration is proportionate to the stated function but should have been declared; the hard-coded /home/ubuntu path may also mismatch the user's environment and could inadvertently read another user's data on multi-user systems.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or global agent settings. It writes only to its own workspace files under the user's home directory and stores last-notification references — this is normal for a notifier and within expected privilege for its purpose.
What to consider before installing
This skill's code does what it claims (monitor QQ mail via the himalaya CLI and allow marking messages read), but the package metadata omits important runtime requirements. Before installing or running:
1) Confirm you have the himalaya CLI installed and properly configured for your QQ account (the scripts call 'himalaya' and will use its local credentials).
2) Ensure the Python dependency html2text is available, or install it.
3) Note that the scripts use hard-coded absolute paths (/home/ubuntu/.openclaw/...); update them if your agent runs under a different user, or run the scripts in a sandbox to avoid accidental access to other users' files.
4) Inspect ~/.openclaw/workspace/data/last_notification.json and the anchor files after the first run; they store message metadata (subject, sender, ids), which is sensitive.
5) If you need stronger guarantees, run the scripts in an isolated environment or test with a non-production mailbox first.
The main risks are missing dependency declarations, implicit access to mailbox credentials via the system himalaya configuration, and hard-coded paths. These are implementation issues rather than evidence of malicious behavior.
Latest version id: vk975mxpxv34ppfns2w2ye56cch846wkm
