Description

Read and send email via IMAP/SMTP. Check for new/unread messages, fetch content, search mailboxes, mark as read/unread, and send emails with attachments. Wor...

README (SKILL.md)

IMAP/SMTP Email Tool

Name: Imap Smtp Email.Disabled
Author: welderjustin

Read, search, and manage email via IMAP protocol. Send email via SMTP. Supports Gmail, Outlook, 163.com, vip.163.com, 126.com, vip.126.com, 188.com, vip.188.com, and any standard IMAP/SMTP server.

Configuration

Create .env in the skill folder or set environment variables:

# IMAP Configuration (receiving email)
IMAP_HOST=imap.gmail.com          # Server hostname
IMAP_PORT=993                     # Server port
[email protected]
IMAP_PASS=your_password
IMAP_TLS=true                     # Use TLS/SSL connection
IMAP_REJECT_UNAUTHORIZED=true     # Set to false for self-signed certs
IMAP_MAILBOX=INBOX                # Default mailbox

# SMTP Configuration (sending email)
SMTP_HOST=smtp.gmail.com          # SMTP server hostname
SMTP_PORT=587                     # SMTP port (587 for STARTTLS, 465 for SSL)
SMTP_SECURE=false                 # true for SSL (465), false for STARTTLS (587)
[email protected]          # Your email address
SMTP_PASS=your_password           # Your password or app password
[email protected]          # Default sender email (optional)
SMTP_REJECT_UNAUTHORIZED=true     # Set to false for self-signed certs

Common Email Servers

Provider	IMAP Host	IMAP Port	SMTP Host	SMTP Port
163.com	imap.163.com	993	smtp.163.com	465
vip.163.com	imap.vip.163.com	993	smtp.vip.163.com	465
126.com	imap.126.com	993	smtp.126.com	465
vip.126.com	imap.vip.126.com	993	smtp.vip.126.com	465
188.com	imap.188.com	993	smtp.188.com	465
vip.188.com	imap.vip.188.com	993	smtp.vip.188.com	465
yeah.net	imap.yeah.net	993	smtp.yeah.net	465
Gmail	imap.gmail.com	993	smtp.gmail.com	587
Outlook	outlook.office365.com	993	smtp.office365.com	587
QQ Mail	imap.qq.com	993	smtp.qq.com	587

Important for Gmail:

Gmail does not accept your regular account password
You must generate an App Password: https://myaccount.google.com/apppasswords
Use the generated 16-character App Password as IMAP_PASS / SMTP_PASS
Requires Google Account with 2-Step Verification enabled

Important for 163.com:

Use authorization code (授权码), not account password
Enable IMAP/SMTP in web settings first

IMAP Commands (Receiving Email)

check

Check for new/unread emails.

node scripts/imap.js check [--limit 10] [--mailbox INBOX] [--recent 2h]

Options:

--limit \x3Cn>: Max results (default: 10)
--mailbox \x3Cname>: Mailbox to check (default: INBOX)
--recent \x3Ctime>: Only show emails from last X time (e.g., 30m, 2h, 7d)

fetch

Fetch full email content by UID.

node scripts/imap.js fetch \x3Cuid> [--mailbox INBOX]

download

Download all attachments from an email, or a specific attachment.

node scripts/imap.js download \x3Cuid> [--mailbox INBOX] [--dir \x3Cpath>] [--file \x3Cfilename>]

Options:

--mailbox \x3Cname>: Mailbox (default: INBOX)
--dir \x3Cpath>: Output directory (default: current directory)
--file \x3Cfilename>: Download only the specified attachment (default: download all)

search

Search emails with filters.

node scripts/imap.js search [options]

Options:
  --unseen           Only unread messages
  --seen             Only read messages
  --from \x3Cemail>     From address contains
  --subject \x3Ctext>   Subject contains
  --recent \x3Ctime>    From last X time (e.g., 30m, 2h, 7d)
  --since \x3Cdate>     After date (YYYY-MM-DD)
  --before \x3Cdate>    Before date (YYYY-MM-DD)
  --limit \x3Cn>        Max results (default: 20)
  --mailbox \x3Cname>   Mailbox to search (default: INBOX)

mark-read / mark-unread

Mark message(s) as read or unread.

node scripts/imap.js mark-read \x3Cuid> [uid2 uid3...]
node scripts/imap.js mark-unread \x3Cuid> [uid2 uid3...]

list-mailboxes

List all available mailboxes/folders.

node scripts/imap.js list-mailboxes

SMTP Commands (Sending Email)

send

Send email via SMTP.

node scripts/smtp.js send --to \x3Cemail> --subject \x3Ctext> [options]

Required:

--to \x3Cemail>: Recipient (comma-separated for multiple)
--subject \x3Ctext>: Email subject, or --subject-file \x3Cfile>

Optional:

--body \x3Ctext>: Plain text body
--html: Send body as HTML
--body-file \x3Cfile>: Read body from file
--html-file \x3Cfile>: Read HTML from file
--cc \x3Cemail>: CC recipients
--bcc \x3Cemail>: BCC recipients
--attach \x3Cfile>: Attachments (comma-separated)
--from \x3Cemail>: Override default sender

Examples:

# Simple text email
node scripts/smtp.js send --to [email protected] --subject "Hello" --body "World"

# HTML email
node scripts/smtp.js send --to [email protected] --subject "Newsletter" --html --body "\x3Ch1>Welcome\x3C/h1>"

# Email with attachment
node scripts/smtp.js send --to [email protected] --subject "Report" --body "Please find attached" --attach report.pdf

# Multiple recipients
node scripts/smtp.js send --to "[email protected],[email protected]" --cc "[email protected]" --subject "Update" --body "Team update"

test

Test SMTP connection by sending a test email to yourself.

node scripts/smtp.js test

Dependencies

npm install

Security Notes

Store credentials in .env (add to .gitignore)
Gmail: regular password is rejected — generate an App Password at https://myaccount.google.com/apppasswords
For 163.com: use authorization code (授权码), not account password

Troubleshooting

Connection timeout:

Verify server is running and accessible
Check host/port configuration

Authentication failed:

Verify username (usually full email address)
Check password is correct
For 163.com: use authorization code, not account password
For Gmail: regular password won't work — generate an App Password at https://myaccount.google.com/apppasswords

TLS/SSL errors:

Match IMAP_TLS/SMTP_SECURE setting to server requirements
For self-signed certs: set IMAP_REJECT_UNAUTHORIZED=false or SMTP_REJECT_UNAUTHORIZED=false

Usage Guidance

This package is broadly coherent with an IMAP/SMTP email client, but review and take these precautions before installing or running it: - Expect to provide IMAP/SMTP credentials (use app passwords for Gmail, do not reuse your main login). The setup script will write these to a .env file in the skill directory (it sets file permissions to 600). If you are uncomfortable storing credentials on disk, skip setup.sh and provide env vars only to the runtime process. - The code enforces ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS to restrict file access. These environment variables are required by the scripts for file read/write operations but were not declared in the registry metadata — set them explicitly and make them as narrow as possible (e.g., only one dedicated folder). If you do not set them, file operations will be disabled. - The setup script will send a test email to your address (SMTP test). If you do not want any outbound email sent during setup, do not run the tests or the setup script. - The package installs typical npm dependencies. Review package.json and consider running npm install in an isolated environment (container or VM) if you want to limit risk. - Confirm the origin/author if provenance matters: package.json lists "NetEase" and the IMAP ID/support email references 188.com, but registry owner metadata is different — this mismatch may be benign but worth checking. Given the mismatch between declared env requirements and the code's actual expectations, and the fact that credentials are written to disk and used to send email, treat this as potentially risky until you audit or restrict its environment (narrow allowed dirs, use app-specific credentials, run in an isolated environment).

Capability Analysis

Type: OpenClaw Skill Name: imap-smtp-email-disabled Version: 1.0.0 The skill provides legitimate IMAP and SMTP functionality for managing and sending emails, with specific optimizations for NetEase mail services (163.com, 126.com, etc.) via the IMAP ID extension. It includes proactive security measures such as directory whitelisting (ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS) in scripts/imap.js and scripts/smtp.js to prevent unauthorized file system access. The setup.sh script follows best practices by setting restrictive file permissions (600) on the generated .env file containing credentials.

Capability Assessment

ℹ Purpose & Capability

Name/description, CLI commands, and included Node scripts align with an IMAP/SMTP email client and the declared requirements (node, npm, IMAP/SMTP credentials). However, the code expects ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS env variables to enable file read/write operations, but those are not listed in the registry's required env list — this is a mismatch/omission.

✓ Instruction Scope

SKILL.md and scripts limit actions to IMAP/SMTP operations, reading/writing attachments (with path whitelist checks), and sending test emails. The setup script will prompt for credentials, create a .env file, and run IMAP/SMTP tests (including sending a test email to the user). There are no hidden remote endpoints or broad data-collection instructions beyond interacting with mail servers and local files.

✓ Install Mechanism

No remote download/install script is present; code is included and dependencies are standard npm packages declared in package.json. Installation requires running npm install locally, which is normal. No obscure external URLs or archives are used.

⚠ Credentials

Requesting IMAP and SMTP host/user/pass is expected for this functionality. But the scripts require ALLOWED_READ_DIRS and ALLOWED_WRITE_DIRS (they throw errors if absent) to enable file reading/writing; those are not declared in the registry's required env list. The setup.sh writes sensitive credentials into a .env file on disk (though it sets 600 perms), which is a standard convenience but poses risk if mishandled. PrimaryEnv set to SMTP_PASS is plausible.

✓ Persistence & Privilege

The skill does not request always:true and does not modify other skills or system-wide agent settings. The setup helper writes a .env file into the skill folder (normal for a CLI tool) and runs tests; that is local persistence only.

Version History

v1.0.0

- Initial release of the IMAP/SMTP Email Tool. - Provides commands to check, fetch, download attachments, search, mark read/unread, and list mailboxes via IMAP. - Supports sending emails (including attachments and HTML) via SMTP. - Compatible with major email providers (Gmail, Outlook, 163.com, 126.com, 188.com, etc.) and any standard IMAP/SMTP server. - Detailed configuration instructions and troubleshooting tips included.

Metadata

Slug imap-smtp-email-disabled

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Imap Smtp Email.Disabled?

Read and send email via IMAP/SMTP. Check for new/unread messages, fetch content, search mailboxes, mark as read/unread, and send emails with attachments. Wor... It is an AI Agent Skill for Claude Code / OpenClaw, with 270 downloads so far.

How do I install Imap Smtp Email.Disabled?

Run "/install imap-smtp-email-disabled" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Imap Smtp Email.Disabled free?

Yes, Imap Smtp Email.Disabled is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Imap Smtp Email.Disabled support?

Imap Smtp Email.Disabled is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Imap Smtp Email.Disabled?

It is built and maintained by welderjustin (@welderjustin); the current version is v1.0.0.

More Skills

Imap Smtp Email.Disabled