← Back to Skills Marketplace
137
Downloads
0
Stars
1
Active Installs
2
Versions
Install in OpenClaw
/install email163-sender
Description
163邮箱发送工具。使用授权密码(授权码)进行SMTP认证发送邮件。支持文本邮件、HTML邮件、带附件邮件、抄送/密送。当用户需要发送邮件时使用此技能。
README (SKILL.md)
Email Sender (163)
通过授权密码发送邮件的技能。
环境配置
# 163邮箱地址
export EMAIL_163_USER="[email protected]"
# 授权密码(在163邮箱设置中开启)
export EMAIL_163_AUTH_CODE="your_auth_code"
获取授权密码:
- 登录163邮箱 → 设置 → POP3/SMTP设置
- 开启 POP3/SMTP服务
- 新增授权密码并保存
快速开始
发送简单邮件
python3 scripts/send_email.py \
--to [email protected] \
--subject "测试邮件" \
--body "这是一封测试邮件"
发送带附件邮件
python3 scripts/send_email.py \
--to [email protected] \
--subject "报告" \
--body "请查收附件" \
-a report.pdf
发送HTML邮件
python3 scripts/send_email.py \
--to [email protected] \
--subject "周报" \
--html \
--body "\x3Ch1>周报\x3C/h1>\x3Cp>本周工作进展...\x3C/p>"
查看发送历史
python3 scripts/send_email.py --list
参数说明
| 参数 | 说明 |
|---|---|
--to, -t |
收件人邮箱(多个用逗号分隔) |
--subject, -s |
邮件主题 |
--body, -b |
邮件正文 |
--html |
HTML格式邮件 |
-a, --attachment |
附件路径(可多次指定) |
--cc |
抄送 |
--bcc |
密送 |
--from, -f |
发件人邮箱 |
--auth-code |
授权密码 |
--list, -l |
列出已发送邮件 |
--status |
查看邮件状态 |
--clear-history |
清空发送历史 |
常见问题
Q: 认证失败? A: 检查授权密码是否正确,确认已在163邮箱中开启POP3/SMTP服务。
Q: 附件发送失败? A: 确认文件路径正确,文件大小建议\x3C20MB。
Usage Guidance
This skill appears to implement a straightforward 163.com SMTP sender, but review these issues before installing: (1) The registry metadata fails to declare required env vars — you must provide EMAIL_163_USER and EMAIL_163_AUTH_CODE; treat the auth code as a secret and store/rotate it securely. (2) The script disables TLS certificate verification when connecting to smtp.163.com (context.check_hostname=False and verify_mode=ssl.CERT_NONE) which makes the connection vulnerable to MITM; consider editing the script to enable default verification before use. (3) The script writes a history file to WORKSPACE/.email_history (or current directory) — ensure WORKSPACE is not pointed at a sensitive system path and review/clear stored history if needed. (4) Because the metadata omitted the env vars, prefer to run this in a controlled environment (not a shared CI runner) and inspect or run the script manually first. If you need help hardening the script (re-enable cert verification, make history storage explicit/configurable, avoid storing secrets in env vars), ask for a patched version or guidance.
Capability Analysis
Type: OpenClaw Skill
Name: email163-sender
Version: 1.0.1
The skill provides a utility to send emails via 163.com. A security vulnerability is present in scripts/send_email.py where SSL certificate verification is explicitly disabled (ssl.CERT_NONE), which exposes the SMTP connection to potential Man-in-the-Middle (MitM) attacks. While the script handles sensitive credentials and local file attachments, no evidence of intentional malicious behavior or unauthorized data exfiltration was found.
Capability Assessment
Purpose & Capability
The name/description match the included script: the code implements SMTP send for smtp.163.com and supports attachments/HTML/cc/bcc/history. However the registry metadata lists no required env vars even though both SKILL.md and the script rely on EMAIL_163_USER and EMAIL_163_AUTH_CODE — that metadata omission is an incoherence.
Instruction Scope
SKILL.md instructions tell the user to set EMAIL_163_USER and EMAIL_163_AUTH_CODE and run the script, which matches behavior. But SKILL.md does not mention that the script will create and write a local history file under WORKSPACE/.email_history (defaulting to current working directory), nor that the script disables SSL certificate verification when connecting to the SMTP server (context.check_hostname=False and context.verify_mode=ssl.CERT_NONE). Both the undocumented filesystem writes and the insecure TLS setting expand scope beyond what a casual user might expect.
Install Mechanism
Instruction-only skill with a single Python script; no install spec or remote downloads. This is low-risk from an installation surface perspective.
Credentials
The script requires EMAIL_163_USER and EMAIL_163_AUTH_CODE (and will also read WORKSPACE if present) but the skill metadata did not declare any required environment variables or a primary credential. Requesting an email address and auth code is reasonable for SMTP, but the omission in the metadata is a mismatch that reduces transparency. The auth code is sensitive and should be declared and stored/handled carefully.
Persistence & Privilege
The skill persists a sent_emails.json history in WORKSPACE/.email_history (or current directory if WORKSPACE unset). It does not request always:true or modify other skills. Persisting send-history is plausible for this tool but users should know exactly where data is written (SKILL.md does not document the path).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install email163-sender - After installation, invoke the skill by name or use
/email163-sender - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Clean up: remove .pyc files, pure Python script only
v1.0.0
163邮箱发送工具,支持授权密码认证、附件、HTML邮件
Metadata
Frequently Asked Questions
What is Email163 Sender?
163邮箱发送工具。使用授权密码(授权码)进行SMTP认证发送邮件。支持文本邮件、HTML邮件、带附件邮件、抄送/密送。当用户需要发送邮件时使用此技能。 It is an AI Agent Skill for Claude Code / OpenClaw, with 137 downloads so far.
How do I install Email163 Sender?
Run "/install email163-sender" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Email163 Sender free?
Yes, Email163 Sender is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Email163 Sender support?
Email163 Sender is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Email163 Sender?
It is built and maintained by Marvin (@imnull); the current version is v1.0.1.
More Skills