← Back to Skills Marketplace

WeCom邮箱

Name: WeCom邮箱
Author: chongjie-ran

by chongjie-ran · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

238

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install wecom-email

Description

企业微信邮箱操作 - 使用专用邮箱发送邮件。支持读取会议纪要、业务文档等作为邮件内容发送。

Usage Guidance

This skill performs the advertised task (send corporate email) but the SKILL.md tells the agent to read and decode local credential files while the metadata lists no required credentials — that's a mismatch you should not ignore. Before installing or enabling: 1) Ask the publisher which exact credential/config path(s) the skill will access and require that to be declared in metadata. 2) Ensure the SMTP account is a dedicated, restricted mailbox (not your primary personal account). 3) Require the skill to prompt for explicit user consent every time before reading any local file or sending an email. 4) Prefer short-lived or minimum-permission credentials (or an API-based integration) instead of storing reusable secrets in plaintext/base64. 5) If the skill is from an unknown source, test in a sandboxed environment and verify the credential files referenced exist and contain only the intended mailbox credentials. If the author cannot clearly justify the credential paths and access controls, treat the skill as unsafe to enable.

Capability Analysis

Type: OpenClaw Skill Name: wecom-email Version: 1.0.0 The skill provides explicit instructions for the AI agent to locate and decode sensitive credential files stored in the workspace memory (e.g., `~/.openclaw/workspace/memory/sc-email-credentials.enc`) using `base64 -d`. While the stated purpose is sending enterprise emails via legitimate WeCom SMTP servers, the inclusion of specific paths to multiple credential stores and instructions on how to bypass their encoding poses a significant risk of credential exposure or unauthorized access to sensitive files.

Capability Assessment

⚠ Purpose & Capability

Name/description say 'send corporate WeCom email' and the instructions show SMTP code to do exactly that, so the capability matches the purpose. However, the skill metadata declares no required credentials or config paths while the runtime instructions explicitly reference credential files (e.g., ~/.openclaw/workspace/memory/sc-email-credentials.enc and email-credentials.enc). The absence of declared credentials/config paths in metadata is an incoherence that prevents a clear security review and least-privilege enforcement.

⚠ Instruction Scope

The SKILL.md tells the agent to read local files (meeting notes and specific encrypted credential files) and to decode credentials (base64 -d example). That means the skill will read and transmit local content and secrets to an external SMTP server. It also references a separate 'personal email' credentials file path, which is outside the explicit '専用邮箱' concept and could enable access to unrelated credentials. While reading meeting notes is reasonable for sending them, instructions do not constrain which files are allowed and rely on agent discretion — this grants broad scope to access local files and secrets.

✓ Install Mechanism

This is an instruction-only skill with no install spec and no code files — lowest install risk. There is no download or package installation described.

⚠ Credentials

No environment variables or primary credential are declared in the metadata, yet the instructions require an SMTP account and reference multiple credential file paths and decoding steps. Requesting access to credential files (including a personal credentials path) without declaring them is disproportionate and opaque; the skill should explicitly declare which credential/config path it needs and why.

✓ Persistence & Privilege

The skill does not request always: true, does not modify other skills, and is user-invocable only by default. It does instruct reading/writing within the agent workspace (~/.openclaw/workspace) but stays within its own workspace paths rather than system-wide configuration. Still, the ability to read credentials in that workspace is sensitive and should be declared.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install wecom-email
After installation, invoke the skill by name or use /wecom-email
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial release of WeCom Email skill: - Enables sending work emails via dedicated WeCom (企业微信) email accounts. - Supports sending meeting minutes and business documents as email content. - Requires explicit user command to send; enforces strict security and usage rules (work-related only, no sensitive data). - Provides configuration details for SMTP, credential management, and usage examples (Python, CLI). - Contains trigger words for activation such as “发送邮件”, “邮件通知”, and “发送会议纪要”.

Metadata

Slug wecom-email

Version 1.0.0

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 1

Frequently Asked Questions

What is WeCom邮箱?

企业微信邮箱操作 - 使用专用邮箱发送邮件。支持读取会议纪要、业务文档等作为邮件内容发送。 It is an AI Agent Skill for Claude Code / OpenClaw, with 238 downloads so far.

How do I install WeCom邮箱?

Run "/install wecom-email" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is WeCom邮箱 free?

Yes, WeCom邮箱 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does WeCom邮箱 support?

WeCom邮箱 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created WeCom邮箱?

It is built and maintained by chongjie-ran (@chongjie-ran); the current version is v1.0.0.

More Skills