← Back to Skills Marketplace
Email Reader
by
Jackeven02
· GitHub ↗
· v1.0.0
1289
Downloads
0
Stars
8
Active Installs
1
Versions
Install in OpenClaw
/install email-reader
Description
邮件读取与管理技能 - 让 AI 能够读取、汇总、发送邮件。当用户要求查看邮件、汇总未读、发送邮件通知时触发此技能。
README (SKILL.md)
Email Reader - 邮件管理技能
概述
赋予 AI 邮件管理能力:
- 读取邮件(IMAP)
- 发送邮件(SMTP)
- 邮件汇总与分类
- 重要邮件提醒
触发场景
- 用户要求"查看邮件"、"读取邮件"
- 用户要求"汇总未读邮件"
- 用户要求"发送邮件"
- 用户要求"检查重要邮件"
- 定时提醒用户查看邮件
支持的邮件服务
| 服务 | 协议 | 说明 |
|---|---|---|
| Gmail | IMAP/SMTP | 需要应用专用密码 |
| Outlook | IMAP/SMTP | 支持 OAuth |
| QQ 邮箱 | IMAP/SMTP | 需要授权码 |
| 网易邮箱 | IMAP/SMTP | 支持 IMAP |
使用 himalaya CLI
推荐使用 himalaya CLI 进行邮件管理:
安装
# macOS
brew install himalaya
# Linux
cargo install himalaya
# Windows
winget install himalaya
配置
himalaya envelope add --name personal \
--imap-host imap.example.com \
--imap-port 993 \
--smtp-host smtp.example.com \
--smtp-port 587 \
--username [email protected] \
--password "your-password"
常用命令
# 列出邮件
himalaya list --account personal -w 50
# 阅读邮件
himalaya read \x3Cemail-id>
# 发送邮件
himalaya send --from [email protected] --to [email protected] \
--subject "Subject" --body "Content"
# 搜索邮件
himalaya search --account personal "keyword"
工作流
1. 检查配置 → 确认 himalaya 已配置
2. 获取邮件 → 使用 list/read 命令
3. 筛选重要 → 标记重要邮件
4. 汇总呈现 → 用中文总结给用户
安全注意事项
- 不要在日志中暴露密码
- 使用环境变量存储敏感信息
- 建议使用 OAuth 认证(如果支持)
输出格式
向用户呈现邮件时:
- 发件人、主题、摘要
- 收到的简要
- 建议操作(回复、删除、标记)
Usage Guidance
This skill appears to do what it claims (manage email via the himalaya CLI), but it has a few problems you should address before use:
- Clarify dependencies: the registry should list 'himalaya' as a required binary so you know it must be installed.
- Do NOT copy the example that puts passwords on the command line—this exposes credentials to shell history and process lists. Prefer OAuth or storing credentials in a secure environment variable or credential store.
- If you enable scheduled reminders, confirm how the agent will store the schedule and whether it runs autonomously; be cautious granting ongoing autonomous access to your email.
- When installing himalaya, use the official package source for your OS (brew, winget, crates.io) and verify the project repo.
- Consider requiring explicit environment variables (or an OAuth flow) for credentials and avoid sharing raw auth tokens with the skill. If you need me to, I can suggest a safer configuration and a checklist to harden usage of this skill.
Confidence is medium because the skill is instruction-only and coherent overall, but the missing metadata and insecure examples are concerning rather than definitive proof of malicious intent.
Capability Analysis
Type: OpenClaw Skill
Name: email-reader
Version: 1.0.0
The skill is designed for legitimate email management using the `himalaya` CLI tool. However, it instructs the AI agent to install software and execute shell commands (`himalaya` commands) based on user input. While the `SKILL.md` includes positive security recommendations (e.g., using environment variables for sensitive data), the inherent design of an AI agent executing unsanitized user input in shell commands creates a significant risk of shell injection (RCE vulnerability). There is no direct evidence of malicious intent like data exfiltration or persistence within the provided files, but the capability to execute arbitrary commands via injection makes it suspicious.
Capability Assessment
Purpose & Capability
Skill description and runtime instructions align: it reads and sends email via IMAP/SMTP and recommends the himalaya CLI. However, the registry metadata declares no required binaries or primary credential even though SKILL.md expects the himalaya CLI and user mail credentials—this mismatch should be clarified.
Instruction Scope
The instructions directly tell users how to configure accounts with username/password on the command line (examples show plaintext passwords in CLI args) and recommend periodic reminders. Showing CLI invocations that embed passwords is insecure and could lead to credential leakage (shell history, process listing, logs). The skill does not explicitly limit what the agent should read beyond the mail client, and the '定时提醒' (scheduled reminders) implies background/periodic actions without specifying how scheduling or authorization is handled.
Install Mechanism
There is no install spec in the registry (lowest-risk), but SKILL.md recommends installing himalaya via brew/cargo/winget—these are standard package sources. This is acceptable, but the registry should declare the binary dependency so users know the runtime requirement ahead of time.
Credentials
No required environment variables or primary credential are declared despite the skill needing email account credentials (app passwords, OAuth tokens, or auth codes). The README suggests using environment variables and OAuth (good), but the concrete examples show passing passwords directly in CLI flags which is disproportionate and unsafe. The skill requests access to sensitive secrets in practice but doesn't document or enforce a secure mechanism for them.
Persistence & Privilege
always:false (default) and autonomous invocation allowed (normal). The SKILL.md mentions scheduled reminders, which implies persistent or recurring actions, but the skill provides no mechanism for persisting schedules or elevating privileges. This is a behavioral note to clarify how and when the agent will run these reminders.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install email-reader - After installation, invoke the skill by name or use
/email-reader - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Email Reader skill v1.0.0 released
- Enables email reading, summarizing, and sending using himalaya CLI.
- Supports Gmail, Outlook, QQ 邮箱, and 网易邮箱 via IMAP/SMTP.
- Automatically triggers for viewing, summarizing, or sending emails, and for important mail notifications.
- Provides step-by-step setup and security best practices.
- Presents clear outputs with sender, subject, summary, and suggested actions.
Metadata
Frequently Asked Questions
What is Email Reader?
邮件读取与管理技能 - 让 AI 能够读取、汇总、发送邮件。当用户要求查看邮件、汇总未读、发送邮件通知时触发此技能。 It is an AI Agent Skill for Claude Code / OpenClaw, with 1289 downloads so far.
How do I install Email Reader?
Run "/install email-reader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Email Reader free?
Yes, Email Reader is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Email Reader support?
Email Reader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Email Reader?
It is built and maintained by Jackeven02 (@jackeven02); the current version is v1.0.0.
More Skills