← Back to Skills Marketplace
huangbaixun

one-mail

by huangbaixun · GitHub ↗ · v1.3.0
cross-platform ⚠ suspicious
528
Downloads
0
Stars
1
Active Installs
9
Versions
Install in OpenClaw
/install one-mail
Description
统一邮箱管理 CLI,支持 Gmail、Outlook、网易邮箱(163.com、126.com)。适用于:(1) 收取/发送邮件,(2) 跨账户搜索邮件,(3) 管理多个邮箱账户,(4) 查看邮件统计。当用户提到邮件、邮箱、email、发邮件、收邮件、查邮件时触发。
Usage Guidance
This repo contains a plausible CLI mail client but has some inconsistencies you should address before installing: (1) The registry metadata claims no required binaries/env but the scripts need gog (for Gmail), curl, jq, python3 and openssl — install those first. (2) setup.sh/accounts.sh will prompt for OAuth client secrets, refresh tokens and app-specific passwords and store them in ~/.onemail/credentials.json (file is chmod 600). If you prefer, use the optional macOS Keychain support or review save_credentials/get_credentials to ensure you are comfortable with local storage. (3) install.sh creates /usr/local/bin/onemail but the manifest shown does not include an onemail entrypoint — verify the onemail launcher exists in the package before running install.sh. (4) The code uses eval when invoking the gog CLI and constructs some HTTP/IMAP arguments by string concatenation; avoid passing untrusted input into these commands to prevent shell/parameter injection. (5) All network endpoints contacted are the expected providers (Microsoft, Gmail via gog, NetEase IMAP/SMTP); review the OAuth flows (client IDs/secrets) and ensure you trust the client configuration you provide. If you need higher assurance, run the scripts in a sandboxed account or test environment and inspect ~/.onemail/credentials.json after setup.
Capability Analysis
Type: OpenClaw Skill Name: one-mail Version: 1.3.0 The skill bundle is a functional multi-account email CLI, but it contains a significant shell injection vulnerability in 'scripts/lib/gmail.sh' where the 'eval' command is used on unsanitized user input (search queries). It also handles highly sensitive data, including email passwords and OAuth refresh tokens, storing them in '~/.onemail/credentials.json'. While it attempts to secure these with 'chmod 600' and the logic appears consistent with its stated purpose, the combination of sensitive credential handling and RCE-prone command construction warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The skill legitimately implements unified email management for Gmail, Outlook and NetEase via the included scripts. However the registry metadata claims no required binaries/env while the code clearly depends on external tools (gog, curl, jq, python3, openssl). That discrepancy is unexpected and should be corrected or explained.
Instruction Scope
SKILL.md and included scripts limit actions to configuring accounts, performing OAuth/IMAP/SMTP flows, fetching/sending mail, and storing credentials under ~/.onemail. Network calls go to expected providers (login.microsoftonline.com, graph.microsoft.com, imap/smtp servers). The setup flow prompts for secrets and stores them locally, which is typical for a CLI mail client.
Install Mechanism
No install spec is declared (low registry install risk). There is an install.sh that creates a symlink to a top-level onemail binary, but the repository manifest provided does not include an onemail entrypoint — install.sh may produce a broken link. No remote downloads or third-party archives are used.
Credentials
Registry metadata lists no required env vars or binaries, but the scripts require gog (Gmail), curl, jq, python3 and openssl; they also store OAuth refresh tokens and app-specific passwords in ~/.onemail/credentials.json (chmod 600). The skill requests sensitive secrets interactively (client secrets, refresh tokens, app passwords) — this is expected for an email client but the metadata should declare those dependencies. Credentials are kept locally rather than in a platform-kept secret store unless you opt into macOS Keychain.
Persistence & Privilege
always is false and the skill does not require forced inclusion. It stores config/credentials under ~/.onemail and updates them (e.g., refresh token rotation) which is normal for this type of tool. It does not modify other skills or system-wide configs beyond creating an optional symlink in /usr/local/bin.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install one-mail
  3. After installation, invoke the skill by name or use /one-mail
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
优化 SKILL.md 结构遵循 skill-creator 规范;添加 126 邮箱支持
v1.2.0
添加 126 邮箱支持 + 优化 SKILL.md(progressive disclosure)
v1.1.0
chore: 清理非必要文件,精简项目结构(删除 21 个文件,-3205 行)
v1.0.7
feat: 添加邮件阅读功能 + HTML 标准化处理(read.sh + html2text.py)
v1.0.6
fix: 修复 Outlook 邮件收取失败(URL 编码、子 shell 变量传递、JSON 解析)
v1.0.5
fix: 修复 Outlook 空响应导致 jq 解析失败
v1.0.4
fix: 修正 README 中账户管理命令路径为相对路径
v1.0.3
- Documentation fully localized to Chinese, providing a more accessible experience for Chinese-speaking users. - Usage, configuration, troubleshooting, and dependency sections rewritten in Chinese with examples. - Installation instructions added for ClawHub and manual install methods. - More detailed script list and clearer account management instructions. - Updated FAQ/troubleshooting and security tips for regional context.
v1.0.2
- Added SKILL.md with detailed usage instructions, configuration, features, and troubleshooting steps. - Documented support for Gmail, Outlook, and NetEase Mail from a single CLI. - Included examples for fetching, sending emails, and managing accounts. - Clarified dependencies, security measures, and output format (JSON). - Provided links to additional documentation and support resources.
Metadata
Slug one-mail
Version 1.3.0
License
All-time Installs 1
Active Installs 1
Total Versions 9
Frequently Asked Questions

What is one-mail?

统一邮箱管理 CLI,支持 Gmail、Outlook、网易邮箱(163.com、126.com)。适用于:(1) 收取/发送邮件,(2) 跨账户搜索邮件,(3) 管理多个邮箱账户,(4) 查看邮件统计。当用户提到邮件、邮箱、email、发邮件、收邮件、查邮件时触发。 It is an AI Agent Skill for Claude Code / OpenClaw, with 528 downloads so far.

How do I install one-mail?

Run "/install one-mail" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is one-mail free?

Yes, one-mail is completely free (open-source). You can download, install and use it at no cost.

Which platforms does one-mail support?

one-mail is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created one-mail?

It is built and maintained by huangbaixun (@huangbaixun); the current version is v1.3.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments