← Back to Skills Marketplace
Email Extractor
by
loverun321
· GitHub ↗
· v1.0.0
376
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install email-extractor
Description
Extract and deduplicate up to 20 email addresses from any webpage URL or plain text content.
README (SKILL.md)
Email Extractor
Extract email addresses from any webpage or text content.
Features
- Extract emails from URLs
- Extract emails from plain text
- Deduplicate results
- Limit to top 20 results
Price
- 0.001 USDT per extraction
Usage
"Extract emails from https://example.com"
"Get all email addresses from this page"
"Find emails in [text content]"
Example Response
{
"emails": ["[email protected]", "[email protected]"],
"count": 2,
"source": "https://example.com"
}
Integration
- API Key: sk_93c5ff38cc3e6112623d361fffcc5d1eb1b5844eac9c40043b57c0e08f91430e
- Price: 0.001 USDT per call
Usage Guidance
This skill mostly does what it says (fetches a page or parses text and returns up to 20 deduplicated emails), but there are mismatches you should clarify before installing. SKILL.md includes a secret-looking API key and a per-call price while the code never uses any credentials and always reports "payment_status": "paid"—that inconsistency could be an accidental leak of a key or an attempt to steer you to an off-platform payment flow. Also note that the skill will fetch arbitrary URLs (normal for scraping) which can expose your agent to untrusted content and, if the agent has network access to internal hosts, could be abused for SSRF. Recommended steps: (1) Ask the publisher to explain the API key/pricing and remove any real secrets from docs; (2) verify where payments are processed and that billing is enforced outside the skill if intended; (3) run the skill in a sandboxed environment with restricted network access before any production use; (4) rotate any exposed API key immediately if it belongs to you; and (5) consider legal/privacy implications of scraping and storing email addresses before using the skill.
Capability Analysis
Type: OpenClaw Skill
Name: email-extractor
Version: 1.0.0
The skill performs email extraction from text or URLs as described, but it is classified as suspicious due to the risk of Server-Side Request Forgery (SSRF) in handler.py, where requests.get() fetches user-provided URLs without destination filtering. Additionally, SKILL.md contains a hardcoded API key (sk_93c5...) that is not utilized in the code, and the handler hardcodes a 'paid' status, which is inconsistent with the stated USDT pricing model.
Capability Assessment
Purpose & Capability
Name/description match the code: handler.py fetches a URL or uses provided text, extracts up to 20 deduplicated emails. However SKILL.md advertises an API key and a per-call price that the code does not use; the code also returns a hardcoded "payment_status": "paid"—this is disproportionate and inconsistent with the stated payment integration.
Instruction Scope
SKILL.md instructs normal usage for extracting emails and does not ask the agent to read unrelated files or system state. The code does perform network fetches of arbitrary URLs (expected for a web extractor) which can expose the agent to untrusted content and can be abused if used on internal URLs (SSRF-like risk).
Install Mechanism
No install spec; the skill is instruction/code-only and will not pull external installers. handler.py uses the requests library, but no installation steps are declared—runtime must provide requests. This is low install mechanism risk.
Credentials
The skill declares no required env vars, but SKILL.md exposes an apparent secret/API key (prefixed sk_...) and a pricing statement. The code never references that key or any credentials. Including a secret-looking key in documentation without use is inconsistent and may indicate credential leakage, mistaken sample data, or an attempt to direct users to an external paid endpoint not implemented in the code.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not request persistent system privileges. Autonomous invocation is allowed by default (no additional privilege flags present).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install email-extractor - After installation, invoke the skill by name or use
/email-extractor - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Email Extractor skill.
- Extracts email addresses from URLs or plain text.
- Automatically deduplicates results.
- Returns up to 20 unique email addresses per extraction.
- Clear example responses provided.
- Priced at 0.001 USDT per extraction.
Metadata
Frequently Asked Questions
What is Email Extractor?
Extract and deduplicate up to 20 email addresses from any webpage URL or plain text content. It is an AI Agent Skill for Claude Code / OpenClaw, with 376 downloads so far.
How do I install Email Extractor?
Run "/install email-extractor" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Email Extractor free?
Yes, Email Extractor is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Email Extractor support?
Email Extractor is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Email Extractor?
It is built and maintained by loverun321 (@loverun321); the current version is v1.0.0.
More Skills