← 返回 Skills 市场

cloudflare-mail-reader

Name: cloudflare-mail-reader
Author: jcwang502

作者 jcwang502 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

总下载

当前安装

版本数

在 OpenClaw 中安装

/install cloudflare-mail-reader

功能描述

Read one mailbox's messages or a paginated mail list from a Cloudflare temporary mail system through the `/admin/mails` admin API and return structured resul...

使用说明 (SKILL.md)

Cloudflare Mail Reader

Use this skill to read mailbox messages through https://mail-api.suilong.online/admin/mails.

Follow This Workflow

Collect or infer address, limit, and offset.
Default limit to 20 and offset to 0 when the user does not specify them.
Never store real credentials in the skill. Pass runtime credentials with CLI flags or environment variables.
Run scripts/read_mails.py to fetch and normalize the response.
The normalized result includes verification_code when a code can be extracted from subject/text/html content.
Return the script's JSON output directly unless the user asks for a reformatted summary.
Use --output-format csv and optionally --output-file \x3Cpath> when the user asks for exportable results.
Preserve the normalized statuses: ok, auth_error, error.
Use --include-raw only when the user explicitly wants the full original payload for debugging.

Run The Script

Read one mailbox:

C:\Users\sl\AppData\Local\Python\bin\python.exe scripts/read_mails.py `
  --address [email protected] `
  --limit 20 `
  --offset 0 `
  --admin-auth $env:CLOUDFLARE_MAIL_ADMIN_AUTH

Read recent mails without an address filter:

C:\Users\sl\AppData\Local\Python\bin\python.exe scripts/read_mails.py `
  --limit 20 `
  --offset 0 `
  --admin-auth $env:CLOUDFLARE_MAIL_ADMIN_AUTH

Export messages as CSV:

C:\Users\sl\AppData\Local\Python\bin\python.exe scripts/read_mails.py `
  --address [email protected] `
  --limit 20 `
  --output-format csv `
  --output-file .\mail-results.csv `
  --admin-auth $env:CLOUDFLARE_MAIL_ADMIN_AUTH

Runtime Credentials

Prefer environment variables for secrets:

CLOUDFLARE_MAIL_ADMIN_AUTH
CLOUDFLARE_MAIL_BEARER_TOKEN
CLOUDFLARE_MAIL_CUSTOM_AUTH
CLOUDFLARE_MAIL_FINGERPRINT
CLOUDFLARE_MAIL_LANG
CLOUDFLARE_MAIL_USER_TOKEN
CLOUDFLARE_MAIL_MAILS_API_URL

Read More Only When Needed

Read references/api.md for the endpoint contract and normalization rules.
Read references/examples.md for example prompts and outputs.

安全使用建议

Before installing or invoking: 1) Verify who operates https://mail-api.suilong.online (this is not an official cloudflare.com domain); do not pass admin or long-lived tokens to an endpoint you don't control. 2) Prefer short‑lived credentials or scoped tokens, and rotate any token used with this skill. 3) The SKILL.md lists several sensitive environment variables — the registry metadata did not declare them as required; treat them as sensitive and only supply at runtime. 4) If you need stronger assurance, review the full read_mails.py script (the provided review was truncated) or run it in an isolated environment where credentials and network access are controlled. 5) If you want to avoid sending secrets to a third party, change --api-url to a backend you control or decline to install the skill.

功能分析

Type: OpenClaw Skill Name: cloudflare-mail-reader Version: 1.0.0 The skill is designed to interact with a specific third-party temporary mail admin API (suilong.online) and includes specialized logic in scripts/read_mails.py to automatically extract verification codes (OTPs) from email bodies using regex. While it functions as described, the combination of a hardcoded niche API endpoint and automated OTP extraction is a high-risk pattern often associated with account automation or 2FA bypass. Additionally, the script allows writing output to arbitrary local file paths via the --output-file argument, which presents a risk of file overwriting if the agent is manipulated.

能力评估

ℹ Purpose & Capability

Name, description, SKILL.md, and the included script all target an admin API that returns mailbox messages — this is coherent. However the skill is named “cloudflare-mail-reader” while the default API URL is mail-api.suilong.online (not an official cloudflare.com host). That can be legitimate (a third‑party deployment) but is a potential source-of-trust ambiguity the user should verify. Also the registry metadata declares no required env vars while SKILL.md lists multiple sensitive environment variables the script will accept.

✓ Instruction Scope

The SKILL.md workflow is focused: collect address/limit/offset, run the included script, pass runtime credentials via flags or env vars, return normalized JSON or CSV. It does not instruct reading unrelated local files or sending data to endpoints other than the configured API URL. It explicitly warns not to store credentials in the skill.

✓ Install Mechanism

No install spec is provided (instruction-only with a bundled script). That is the lowest-risk install mechanism: nothing is downloaded at install time. The included Python script will execute when invoked, but there is no external installer or archive to fetch.

⚠ Credentials

The skill accepts multiple sensitive runtime headers/tokens (x-admin-auth, Authorization Bearer, x-user-token, etc.). These are proportionate for an admin mail API, but they are high‑sensitivity secrets and the registry metadata did not mark any required env vars. Important: using the skill will send those tokens to the configured API URL (default: mail-api.suilong.online). If that endpoint is not under your control or you do not trust it, these credentials could be exposed.

✓ Persistence & Privilege

The skill is not always-enabled, is user-invocable, and the agent config allows implicit invocation. This is typical for skills. There is no install-time modification of other skills or global agent settings in the bundle.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install cloudflare-mail-reader
安装完成后，直接呼叫该 Skill 的名称或使用 /cloudflare-mail-reader 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of cloudflare-mail-reader skill. - Supports reading mailbox messages and paginated mail lists via Cloudflare temporary mail system admin API. - Defaults to limit 20 and offset 0 if not specified by the user. - Normalizes output, extracting verification codes where possible. - Allows CSV export and inclusion of raw payloads when requested. - Requires runtime credentials passed via environment variables; credentials are never stored in the skill.

元数据

Slug cloudflare-mail-reader

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题