← Back to Skills Marketplace

email-pro-optimized

Name: email-pro-optimized
Author: q012315

by zone · GitHub ↗ · v2.2.1 · MIT-0

cross-platform ⚠ suspicious

122

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install q012315-email-pro-optimized

Description

高性能邮件工具 - 支持 QQ、Gmail、Outlook。IMAP读、SMTP写、OAuth 2.0、并发处理。速度比 imap-smtp-email 快 4-5 倍。

Usage Guidance

This skill appears to implement a capable multi-provider email client, but it ships with embedded Outlook OAuth credentials and a script that will push the skill directory to a remote Git repo. Those embedded secrets should be treated as sensitive — do NOT run authorize-outlook.sh or any auto-push/maintain scripts without auditing and removing secrets. Recommended steps before installing or running: 1) Inspect and remove any hard-coded client_id/client_secret/tenant values from scripts and README; treat them as compromised if you used them anywhere. 2) Run authorization manually using your own OAuth client credentials (do not reuse the repo's values), and avoid passing secrets on the command line; use interactive input or secure config files with 600 permissions. 3) Do not run scripts/auto-push.py unless you understand and control the remote repo (it will git add/commit/push and could leak data). 4) If you already ran the included credentials, rotate those app secrets in Azure/Google immediately. 5) Prefer running this code in an isolated environment and examine ~/.openclaw/credentials to ensure only expected tokens are stored. If you want, I can point to exact files/lines to remove or show safer ways to perform OAuth authorization and token storage.

Capability Analysis

Type: OpenClaw Skill Name: q012315-email-pro-optimized Version: 2.2.1 The bundle contains a hardcoded Azure Client Secret and Tenant ID within 'scripts/authorize-outlook.sh' and the README, which is a significant security vulnerability and poor practice. Additionally, it includes scripts like 'scripts/auto-push.py' and 'scripts/sync-updates.py' that perform automated Git operations (add, commit, push) and filesystem synchronization across directories (~/.openclaw/workspace-telegram-bot1). While these appear to be developer utilities for the 'Email Pro' tool, the combination of hardcoded credentials and automated repository/file manipulation poses a high risk of accidental data exposure or unauthorized system changes.

Capability Assessment

ℹ Purpose & Capability

Most files (providers, oauth_handler, email-pro) are coherent with a high-performance multi-provider email tool. However the repo includes an automatic git push script and hard-coded Outlook client ID/secret/tenant in scripts and README — these are not required to provide email access and are unexpected for a user-facing email client package.

⚠ Instruction Scope

SKILL.md instructs running authorization scripts (e.g., bash scripts/authorize-outlook.sh) which call authorize.py with a client_secret passed on the command line. That exposes secrets via process arguments and the repo's provided authorize-outlook.sh contains a hard-coded client_secret/tenant/client_id, which the instructions explicitly recommend executing.

✓ Install Mechanism

No install spec; SKILL.md lists python3 and requests which aligns with the Python scripts included. Absence of an install step reduces risk of arbitrary remote code download.

⚠ Credentials

The skill declares no required environment variables, yet the code reads GMAIL_CLIENT_ID/GMAIL_CLIENT_SECRET and supports storing credentials in ~/.openclaw/credentials/*. More importantly, the repository contains hard-coded Outlook client_id/client_secret/tenant values in authorize-outlook.sh and README — embedded sensitive credentials are disproportionate and dangerous.

ℹ Persistence & Privilege

The skill is not always-enabled and allows user invocation (normal). It does include scripts (auto-push.py, maintain.py) that can modify and push the skill repository to remote origins; these scripts are not automatically executed by the platform but provide capability to push local changes (possible exfiltration vector) if run.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install q012315-email-pro-optimized
After installation, invoke the skill by name or use /q012315-email-pro-optimized
Provide required inputs per the skill's parameter spec and get structured output

Version History

v2.2.1

v2.2.1 - 文档更新：仅更新了 README.md/说明文档，无功能代码变动 - 修订和完善说明内容，使文档更加清晰易用 - 保持现有功能和接口不变

v2.2.0

- Major update: Email Pro Optimized now supports QQ, Gmail, and Outlook accounts. - Adds full OAuth 2.0 support for Gmail and Outlook, including automatic token refresh. - Introduces high-performance batch fetch, multi-threaded concurrent access, and connection reuse for much faster operations—up to 4–5x speed improvement over previous versions. - Unified command interface for managing multiple email providers. - Enhanced stability with improved error handling and robust fault tolerance. - Updated documentation with quickstart guides, advanced usage, and troubleshooting.

Metadata

Slug q012315-email-pro-optimized

Version 2.2.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is email-pro-optimized?

高性能邮件工具 - 支持 QQ、Gmail、Outlook。IMAP读、SMTP写、OAuth 2.0、并发处理。速度比 imap-smtp-email 快 4-5 倍。 It is an AI Agent Skill for Claude Code / OpenClaw, with 122 downloads so far.

How do I install email-pro-optimized?

Run "/install q012315-email-pro-optimized" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is email-pro-optimized free?

Yes, email-pro-optimized is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does email-pro-optimized support?

email-pro-optimized is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created email-pro-optimized?

It is built and maintained by zone (@q012315); the current version is v2.2.1.

More Skills