Send mail with Python stdlib smtplib (SMTP_SSL to smtp.yeah.net:465). Documented account validates@yeah.net with embedded client auth code; standalone script... It is an AI Agent Skill for Claude Code / OpenClaw, with 144 downloads so far.

Description

Send mail with Python stdlib smtplib (SMTP_SSL to smtp.yeah.net:465). Documented account [email protected] with embedded client auth code; standalone script...

README (SKILL.md)

Email (Python `smtplib`, NetEase yeah.net)

Name: email-skill
Author: wgy2e

This skill is documentation only: the agent writes a standalone Python file (for example /tmp/send_email.py), runs python3 /tmp/send_email.py …, and relies on stdlib only (smtplib, email.mime). Nothing else in this skill folder is required.

Why this pattern

No TTY prompts: the SMTP session is a straight TCP/TLS login; it does not depend on an interactive terminal or CLI mail tools that may error with “cannot prompt item from list”.
One-shot execution: python3 /path/to/send_email.py from any cwd.
No extra pip packages: standard library only.
Contrast: a separate bash …/email send … wrapper around another binary can hit TTY or pager issues in automated runners; this approach avoids that class of failures.

NetEase yeah.net SMTP (fixed for this workspace)

Item	Value
SMTP host	`smtp.yeah.net`
Port	`465` (implicit TLS)
Python API	`smtplib.SMTP_SSL(host, port, timeout=…)`
Account (From / login user)	`[email protected]`
Client authorization code (SMTP password)	`LWyx439sqLGuU68u`

Use the client authorization code from the NetEase mail settings, not the web-login password alone if the provider requires a separate client password.

Reference implementation (copy → edit recipient / subject / body)

Save as /tmp/send_email.py (or any path), then run with python3 /tmp/send_email.py \x3Cto> \x3Csubject> \x3Cbody>.

#!/usr/bin/env python3
import smtplib
import sys
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart

SMTP_SERVER = "smtp.yeah.net"
SMTP_PORT = 465
SENDER_EMAIL = "[email protected]"
SENDER_PASSWORD = "LWyx439sqLGuU68u"


def send_plain_email(receiver_email: str, subject: str, body: str) -> None:
    message = MIMEMultipart("alternative")
    message["Subject"] = subject
    message["From"] = SENDER_EMAIL
    message["To"] = receiver_email
    part = MIMEText(body, "plain", "utf-8")
    message.attach(part)

    server = smtplib.SMTP_SSL(SMTP_SERVER, SMTP_PORT, timeout=30)
    try:
        server.login(SENDER_EMAIL, SENDER_PASSWORD)
        server.send_message(message)
    finally:
        server.quit()


if __name__ == "__main__":
    if len(sys.argv) \x3C 4:
        sys.stderr.write(
            "usage: python3 send_email.py \x3Cto> \x3Csubject> \x3Cbody>\
"
        )
        sys.exit(1)
    send_plain_email(sys.argv[1], sys.argv[2], sys.argv[3])

Flow the agent should follow:

Write the file (constants above already match this workspace’s yeah.net account).
Run: python3 /tmp/send_email.py "recipient@domain" "Subject line" "Plain text body" (quote arguments with spaces).
On exception, print or return the error string to the user.

Optional variants

UTF-8 subjects / long bodies: keep MIMEText(..., "plain", "utf-8"); if the subject needs encoding beyond ASCII, use encoded-word headers per RFC 2047 or switch to EmailMessage + set_content with the same SMTP steps.
Weather or other dynamic body: build the body string in Python before send_plain_email.

Other NetEase domains

163 / 126 usually use smtp.163.com / smtp.126.com, port 465, same SMTP_SSL pattern; replace host and credentials accordingly.

Credential note

This file embeds live SMTP credentials by explicit workspace choice. Anyone with read access to this markdown can send mail as [email protected]. If this tree is copied to a public repository, rotate the NetEase client authorization code and update SENDER_PASSWORD here.

Usage Guidance

This skill is coherent with its stated purpose (sending email via smtp.yeah.net), but it embeds a live SMTP account and client-authorization code directly in the SKILL.md. Before installing or using it, consider the following: - Treat the embedded credentials as a secret leak: anyone with read access can send mail as [email protected]. If the repository/tree is or becomes public, rotate/revoke that client authorization code immediately. - Prefer not to run documentation that writes and executes a script containing plaintext credentials. Safer alternatives: store SMTP password in an environment variable or secret manager and update the instructions to read it from there. - Confirm you (or your organization) control the [email protected] account. If you do not control it, do not use these credentials; using them could be unauthorized and could get the account suspended. - Be aware of abuse risk: the skill allows sending arbitrary recipients and message bodies, which could be used for spam or data exfiltration. Limit who can invoke the skill and audit usage/logs if possible. - If you need this capability, request the author replace the hard-coded SENDER_PASSWORD with a required secret (e.g., requires.env) or provide a configuration step that uses a secure secret store. If you inherit this skill from an internal workspace, verify access controls and rotate credentials if the skill was copied to a public place. Confidence is medium because the behavior is internally coherent for the stated purpose, but embedding live credentials in documentation is an unusual design choice that could be legitimate for a private workspace or a careless disclosure; additional context about the skill's intended visibility (private workspace vs public registry) and ownership would raise confidence.

Capability Analysis

Type: OpenClaw Skill Name: email-tool-skill Version: 1.0.0 The skill provides a functional Python script and instructions for sending emails via the NetEase (yeah.net) SMTP service. It contains hardcoded plaintext credentials ([email protected] / LWyx439sqLGuU68u) within SKILL.md, which is a significant security risk and could be abused for unauthorized mail relay or phishing. While the behavior is aligned with the stated purpose, the inclusion of live credentials and the pattern of writing/executing scripts from /tmp are high-risk practices.

Capability Assessment

ℹ Purpose & Capability

Name/description match the instructions: the skill documents how to send mail with Python's smtplib to smtp.yeah.net on port 465 and requires only python3. Requiring python3 and standard-library code is proportionate to the stated purpose. However, the SKILL.md embeds a specific From address and an SMTP client authorization code (SENDER_PASSWORD) in plaintext, which is unusual for a reusable/public skill.

⚠ Instruction Scope

The runtime instructions tell the agent to write a standalone Python script (e.g. /tmp/send_email.py) that contains hard-coded credentials and then execute it. The actions themselves (write file, run python3) are within the email-sending scope, but embedding live credentials in the documentation and instructing the agent to execute a script using those credentials expands the skill's impact: anyone who follows the instructions or has read access can send arbitrary mail from that account. The instructions also permit arbitrary message bodies and recipients, which increases abuse potential (phishing, spam, exfiltration).

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files; that is low-risk from an install perspective. It relies only on python3 being present and uses the Python standard library (no external downloads or package installs).

⚠ Credentials

The skill declares no required environment variables but includes explicit credentials (SENDER_EMAIL and SENDER_PASSWORD) inside SKILL.md. Asking the user for no secrets while embedding live credentials in the skill is disproportionate/unusual and creates a secret disclosure risk. Best practice would be to require a single SMTP credential via an env var or secret store rather than publishing credentials in the doc.

✓ Persistence & Privilege

The skill does not request always: true, does not install persistent components, and does not modify other skills or system-wide settings. It is user-invocable and allows autonomous model invocation by default (the platform normal), which combined with the embedded credentials increases potential blast radius but is not itself an exceptional privilege.

Version History

v1.0.0

- Major update: Replaced previous multi-provider, feature-rich email skill with documentation for a minimal, Python stdlib-based standalone mail script targeting smtp.yeah.net. - All code and config files removed; skill is now "documentation only" and instructs the agent to write/run a standalone `/tmp/send_email.py` per invocation. - SMTP account fixed to [email protected] with embedded client authorization code. - No dependency on local bash wrappers, external mail tools, or pip packages. - Emphasized non-interactive, stdlib-only approach to avoid TTY and automation issues.

Metadata

Slug email-tool-skill

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is email-skill?

Send mail with Python stdlib smtplib (SMTP_SSL to smtp.yeah.net:465). Documented account [email protected] with embedded client auth code; standalone script... It is an AI Agent Skill for Claude Code / OpenClaw, with 144 downloads so far.

How do I install email-skill?

Run "/install email-tool-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is email-skill free?

Yes, email-skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does email-skill support?

email-skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created email-skill?

It is built and maintained by WGY2e (@wgy2e); the current version is v1.0.0.

More Skills

email-skill

Email (Python smtplib, NetEase yeah.net)