← 返回 Skills 市场

163mail

Name: 163mail
Author: lxy1503

作者 lxy1503 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install 163mail

功能描述

Send, receive, search, read, reply, forward, and delete emails via 163.com using IMAP and SMTP with authorization codes.

使用说明 (SKILL.md)

163 Mail Skill

163 邮箱收发邮件技能。使用 IMAP 接收邮件，SMTP 发送邮件。

配置

1. 创建配置文件

复制 config.template.json 到 config.json：

cp /root/.openclaw/workspace/skills/163mail/config.template.json /root/.openclaw/workspace/skills/163mail/config.json

2. 填写配置

编辑 config.json：

{
  "email": "[email protected]",
  "imapPassword": "your-imap-authorization-code",
  "smtpPassword": "your-smtp-authorization-code"
}

3. 获取 163 邮箱授权码

登录 163 邮箱网页版：https://mail.163.com
进入设置 → POP3/SMTP/IMAP
开启 IMAP/SMTP 服务
点击 生成授权码
复制授权码到配置文件

⚠️ 注意：授权码不是登录密码，是专门用于第三方客户端的密码

命令

查看收件箱

/163mail inbox
/163mail list

查看最新 10 封邮件。

查看特定文件夹

/163mail folder 已发送
/163mail folder 草稿箱

可用文件夹：INBOX, 草稿箱，已发送，已删除，垃圾邮件，病毒文件夹，广告邮件

读取邮件

/163mail read \x3C邮件 ID>

搜索邮件

/163mail search from [email protected]
/163mail search subject 会议
/163mail search 关键词

发送邮件

/163mail send [email protected] 邮件主题 邮件正文

回复邮件

/163mail reply \x3C邮件 ID> 回复内容

转发邮件

/163mail forward \x3C邮件 ID> [email protected] 转发说明

删除邮件

/163mail delete \x3C邮件 ID>

环境变量

变量名	说明
`163MAIL_EMAIL`	163 邮箱地址
`163MAIL_IMAP_PASS`	IMAP 授权码
`163MAIL_SMTP_PASS`	SMTP 授权码（可选，默认同 IMAP）

文件结构

163mail/
├── SKILL.md              # 技能说明
├── _meta.json            # 技能元数据
├── index.js              # 主入口
├── config.template.json  # 配置模板
├── config.json           # 实际配置（需创建）
├── scripts/              # 辅助脚本
└── references/           # 参考资料

注意事项

授权码安全：不要将授权码提交到版本控制
频率限制：避免频繁调用，163 邮箱有速率限制
安全登录：首次使用可能需要在网页端确认信任设备
附件支持：当前版本不支持附件，仅纯文本邮件

故障排除

"Unsafe Login" 错误

163 邮箱安全策略阻止登录：

登录网页版邮箱确认信任设备
检查 IMAP/SMTP 服务是否开启
等待 10-15 分钟后重试

授权码错误

确认使用的是授权码而非登录密码
重新生成授权码并更新配置
确认 IMAP/SMTP 服务已开启

安全使用建议

Review carefully before installing. Remove the bundled config.json credential, revoke the exposed 163 authorization code, restore normal TLS verification, and delete or rewrite the hardcoded email-sending scripts so all sends and deletes require explicit user direction.

功能分析

Type: OpenClaw Skill Name: 163mail Version: 1.0.0 The skill bundle provides functional email management for 163.com but contains significant security vulnerabilities and poor practices. Specifically, index.js explicitly disables TLS certificate validation (rejectUnauthorized: false), exposing email credentials and content to Man-in-the-Middle (MitM) attacks. Furthermore, the bundle includes a config.json file containing hardcoded credentials and test scripts (send-email.js, send-word-email.js) that send data to a specific external address ([email protected]). While these appear to be unintentional developer oversights rather than intentional malware, the high-risk configuration warrants a suspicious classification.

能力标签

crypto

能力评估

⚠ Purpose & Capability

The core IMAP/SMTP read, search, send, reply, forward, and delete functions match the stated purpose, but the package also includes hardcoded-send helper scripts such as send-email.js: "skill.utils.sendEmail('[email protected]', ...)", which are not described in SKILL.md's slash-command workflow.

⚠ Instruction Scope

SKILL.md presents user-directed commands like "/163mail send" and "/163mail delete", while send-word-email.js contains a top-level call "createAndSendWordEmail();" that would send an email if that file is run, without a documented prompt or recipient choice.

ℹ Install Mechanism

There is no install spec or install-time auto-run evidence, but package.json declares runtime dependencies and an "install-deps": "npm install" script; users should review dependencies before enabling the code path.

⚠ Credentials

Mail credentials are expected for this purpose, but config.json already contains a real-looking 163.com address and authorization code, and index.js sets "tlsOptions: { rejectUnauthorized: false }", which is disproportionate for normal secure mail access.

⚠ Persistence & Privilege

No background daemon or self-persistence is shown, but the skill stores authorization codes in config.json and exposes full mailbox actions including send, reply, forward, and delete; the bundled default credential makes that privilege unsafe.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install 163mail
安装完成后，直接呼叫该 Skill 的名称或使用 /163mail 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

163mail v1.0.0 — Initial Release - Provides 163.com email sending and receiving via IMAP/SMTP. - Supports inbox viewing, folder management, email reading, searching, sending, replying, forwarding, and deletion with slash commands. - Configuration and authorization code setup instructions included. - Environment variable support for sensitive info. - Attachment handling not supported in current version. - Troubleshooting guidance for common errors.

元数据

Slug 163mail

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

163mail 是什么？

Send, receive, search, read, reply, forward, and delete emails via 163.com using IMAP and SMTP with authorization codes. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 27 次。

如何安装 163mail？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install 163mail」即可一键安装，无需额外配置。

163mail 是免费的吗？

是的，163mail 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

163mail 支持哪些平台？

163mail 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 163mail？

由 lxy1503（@lxy1503）开发并维护，当前版本 v1.0.0。