← Back to Skills Marketplace

cloudflare-mail-reader

Name: cloudflare-mail-reader
Author: jcwang502

by jcwang502 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install cloudflare-mail-reader

Description

Read one mailbox's messages or a paginated mail list from a Cloudflare temporary mail system through the `/admin/mails` admin API and return structured resul...

README (SKILL.md)

Cloudflare Mail Reader

Use this skill to read mailbox messages through https://mail-api.suilong.online/admin/mails.

Follow This Workflow

Collect or infer address, limit, and offset.
Default limit to 20 and offset to 0 when the user does not specify them.
Never store real credentials in the skill. Pass runtime credentials with CLI flags or environment variables.
Run scripts/read_mails.py to fetch and normalize the response.
The normalized result includes verification_code when a code can be extracted from subject/text/html content.
Return the script's JSON output directly unless the user asks for a reformatted summary.
Use --output-format csv and optionally --output-file \x3Cpath> when the user asks for exportable results.
Preserve the normalized statuses: ok, auth_error, error.
Use --include-raw only when the user explicitly wants the full original payload for debugging.

Run The Script

Read one mailbox:

C:\Users\sl\AppData\Local\Python\bin\python.exe scripts/read_mails.py `
  --address [email protected] `
  --limit 20 `
  --offset 0 `
  --admin-auth $env:CLOUDFLARE_MAIL_ADMIN_AUTH

Read recent mails without an address filter:

C:\Users\sl\AppData\Local\Python\bin\python.exe scripts/read_mails.py `
  --limit 20 `
  --offset 0 `
  --admin-auth $env:CLOUDFLARE_MAIL_ADMIN_AUTH

Export messages as CSV:

C:\Users\sl\AppData\Local\Python\bin\python.exe scripts/read_mails.py `
  --address [email protected] `
  --limit 20 `
  --output-format csv `
  --output-file .\mail-results.csv `
  --admin-auth $env:CLOUDFLARE_MAIL_ADMIN_AUTH

Runtime Credentials

Prefer environment variables for secrets:

CLOUDFLARE_MAIL_ADMIN_AUTH
CLOUDFLARE_MAIL_BEARER_TOKEN
CLOUDFLARE_MAIL_CUSTOM_AUTH
CLOUDFLARE_MAIL_FINGERPRINT
CLOUDFLARE_MAIL_LANG
CLOUDFLARE_MAIL_USER_TOKEN
CLOUDFLARE_MAIL_MAILS_API_URL

Read More Only When Needed

Read references/api.md for the endpoint contract and normalization rules.
Read references/examples.md for example prompts and outputs.

Usage Guidance

Before installing or invoking: 1) Verify who operates https://mail-api.suilong.online (this is not an official cloudflare.com domain); do not pass admin or long-lived tokens to an endpoint you don't control. 2) Prefer short‑lived credentials or scoped tokens, and rotate any token used with this skill. 3) The SKILL.md lists several sensitive environment variables — the registry metadata did not declare them as required; treat them as sensitive and only supply at runtime. 4) If you need stronger assurance, review the full read_mails.py script (the provided review was truncated) or run it in an isolated environment where credentials and network access are controlled. 5) If you want to avoid sending secrets to a third party, change --api-url to a backend you control or decline to install the skill.

Capability Analysis

Type: OpenClaw Skill Name: cloudflare-mail-reader Version: 1.0.0 The skill is designed to interact with a specific third-party temporary mail admin API (suilong.online) and includes specialized logic in scripts/read_mails.py to automatically extract verification codes (OTPs) from email bodies using regex. While it functions as described, the combination of a hardcoded niche API endpoint and automated OTP extraction is a high-risk pattern often associated with account automation or 2FA bypass. Additionally, the script allows writing output to arbitrary local file paths via the --output-file argument, which presents a risk of file overwriting if the agent is manipulated.

Capability Assessment

ℹ Purpose & Capability

Name, description, SKILL.md, and the included script all target an admin API that returns mailbox messages — this is coherent. However the skill is named “cloudflare-mail-reader” while the default API URL is mail-api.suilong.online (not an official cloudflare.com host). That can be legitimate (a third‑party deployment) but is a potential source-of-trust ambiguity the user should verify. Also the registry metadata declares no required env vars while SKILL.md lists multiple sensitive environment variables the script will accept.

✓ Instruction Scope

The SKILL.md workflow is focused: collect address/limit/offset, run the included script, pass runtime credentials via flags or env vars, return normalized JSON or CSV. It does not instruct reading unrelated local files or sending data to endpoints other than the configured API URL. It explicitly warns not to store credentials in the skill.

✓ Install Mechanism

No install spec is provided (instruction-only with a bundled script). That is the lowest-risk install mechanism: nothing is downloaded at install time. The included Python script will execute when invoked, but there is no external installer or archive to fetch.

⚠ Credentials

The skill accepts multiple sensitive runtime headers/tokens (x-admin-auth, Authorization Bearer, x-user-token, etc.). These are proportionate for an admin mail API, but they are high‑sensitivity secrets and the registry metadata did not mark any required env vars. Important: using the skill will send those tokens to the configured API URL (default: mail-api.suilong.online). If that endpoint is not under your control or you do not trust it, these credentials could be exposed.

✓ Persistence & Privilege

The skill is not always-enabled, is user-invocable, and the agent config allows implicit invocation. This is typical for skills. There is no install-time modification of other skills or global agent settings in the bundle.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install cloudflare-mail-reader
After installation, invoke the skill by name or use /cloudflare-mail-reader
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of cloudflare-mail-reader skill. - Supports reading mailbox messages and paginated mail lists via Cloudflare temporary mail system admin API. - Defaults to limit 20 and offset 0 if not specified by the user. - Normalizes output, extracting verification codes where possible. - Allows CSV export and inclusion of raw payloads when requested. - Requires runtime credentials passed via environment variables; credentials are never stored in the skill.

Metadata

Slug cloudflare-mail-reader

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is cloudflare-mail-reader?

Read one mailbox's messages or a paginated mail list from a Cloudflare temporary mail system through the `/admin/mails` admin API and return structured resul... It is an AI Agent Skill for Claude Code / OpenClaw, with 95 downloads so far.

How do I install cloudflare-mail-reader?

Run "/install cloudflare-mail-reader" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is cloudflare-mail-reader free?

Yes, cloudflare-mail-reader is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does cloudflare-mail-reader support?

cloudflare-mail-reader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created cloudflare-mail-reader?

It is built and maintained by jcwang502 (@jcwang502); the current version is v1.0.0.

More Skills