← Back to Skills Marketplace

Email Monitor

Name: Email Monitor
Author: qiusuo9809

by qiusuo9809 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

262

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install qiusuo-email-monitor

Description

Set up periodic email monitoring for any IMAP mailbox (Gmail, Outlook, QQ, etc.). Guides users through mailbox configuration, tests the connection, then crea...

Usage Guidance

This skill appears to do what it says, but consider these points before installing: - It asks you to provide and stores mailbox credentials (app password or account password) in plaintext at ~/.openclaw/email-monitor/<sanitized-email>/config.json. Prefer app passwords + 2FA (Gmail) and restrict the file: chmod 600 <config>. Delete the config to revoke access. - Fetched email bodies and attachments may be printed to stdout and shown in chat — avoid feeding highly sensitive mail if you don't want it displayed or stored in chat history. - Attachment downloads (if enabled) are written to the user-specified directory; ensure that path is safe and not world-readable if attachments are sensitive. - The skill creates a cron job via `openclaw cron add` to run the included Python script; the job runs as your user and will have access to the config/state files. Verify the cron command and <skill_dir> expansion when confirming. - Because the skill stores credentials locally, remove the config/state files and cron entry to fully revoke the skill's access. - If you need stronger protection, consider creating a dedicated mailbox or app password with limited rights for monitoring rather than using your primary account password. Overall: internally consistent with the stated purpose, but handle stored credentials and output visibility carefully.

Capability Analysis

Type: OpenClaw Skill Name: qiusuo-email-monitor Version: 1.0.0 The skill manages sensitive email credentials (including app passwords) and stores them in plaintext in the user's home directory. Additionally, the attachment downloading logic in `scripts/fetch_emails.py` is vulnerable to path traversal, as it uses unsanitized filenames from email headers in `os.path.join`, potentially allowing an attacker to overwrite arbitrary files on the system. While these are high-risk security flaws, they appear to be unintentional vulnerabilities rather than evidence of malicious intent.

Capability Assessment

✓ Purpose & Capability

Name/description (periodic IMAP email monitoring) align with the included script and instructions. The fetch_emails.py implements IMAP over SSL, UID-based incremental fetching, optional attachment saving, and outputs results to stdout — all expected for this purpose.

ℹ Instruction Scope

SKILL.md explicitly instructs the agent to collect the user's email and password (app password or IMAP password), store them in ~/.openclaw/email-monitor/<sanitized-email>/config.json, run the local fetch_emails.py for testing, and create a cron job via `openclaw cron add`. These steps are within the task scope but involve writing plaintext credentials and saved state/attachments to disk and printing email contents to stdout (which will be visible in the chat) — privacy considerations, not covert behavior.

✓ Install Mechanism

There is no install spec and the skill is instruction-only aside from a small Python script. No external downloads or package installs are performed by the skill itself.

ℹ Credentials

The skill requires the user to supply mailbox credentials (app password / account password) which are appropriately the sole sensitive inputs. It does not request unrelated environment variables or cloud credentials. However, credentials are stored in plaintext in a config.json under the user's home directory — expected but a security/privacy risk if the host is shared or unprotected.

✓ Persistence & Privilege

always is false and the skill does not request elevated or cross-skill privileges. The cron job will run under the user's account (per SKILL.md) which is expected for scheduled checks; this is normal but means future periodic runs will access the stored config and mailbox.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install qiusuo-email-monitor
After installation, invoke the skill by name or use /qiusuo-email-monitor
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

首发：Gmail/IMAP 邮件定时监控，6步引导配置，增量拉取，token 消耗极低。by qiusuo

Metadata

Slug qiusuo-email-monitor

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Email Monitor?

Set up periodic email monitoring for any IMAP mailbox (Gmail, Outlook, QQ, etc.). Guides users through mailbox configuration, tests the connection, then crea... It is an AI Agent Skill for Claude Code / OpenClaw, with 262 downloads so far.

How do I install Email Monitor?

Run "/install qiusuo-email-monitor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Email Monitor free?

Yes, Email Monitor is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Email Monitor support?

Email Monitor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Email Monitor?

It is built and maintained by qiusuo9809 (@qiusuo9809); the current version is v1.0.0.

More Skills