← 返回 Skills 市场

email-cron-handler

Name: email-cron-handler
Author: pebblerwon

作者王浩楠 · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

261

总下载

当前安装

版本数

在 OpenClaw 中安装

/install email-cron-handler

功能描述

邮件指令定时处理任务。通过 IMAP/SMTP 自动接收并执行邮件中的指令，以邮件形式回复执行结果。适用于：(1) 创建定时任务监控指定邮箱 (2) 通过邮件下发指令给 AI Agent (3) 实现邮件驱动的自动化工作流。需配置：收件邮箱、SMTP/IMAP 配置、指令发件人白名单。

使用说明 (SKILL.md)

Email Cron Handler

通过邮件接收指令、定时执行并回复结果的自动化工作流。

核心功能

定时检查指定邮箱的新邮件
过滤白名单发件人的指令邮件
执行邮件中的指令并回复结果
支持成功/失败/超时状态反馈

文件结构

email-cron-handler/
├── SKILL.md
├── scripts/
│   ├── process_email.py      # 主处理脚本
│   └── config.json.example   # 配置示例文件
└── references/
    └── config-template.md    # 详细配置说明

快速开始

Step 1: 配置邮箱参数

cd ~/.agents/skills/email-cron-handler/scripts
cp config.json.example config.json
# 编辑 config.json，填入你的实际配置

配置项说明：

email: 你的邮箱账号
password: 邮箱授权码（QQ邮箱需在设置中开启IMAP/SMTP后获取）
imap_host/imap_port: IMAP 服务器地址和端口
smtp_host/smtp_port: SMTP 服务器地址和端口
whitelist_sender: 白名单发件人（只处理这些地址发来的邮件）

Step 2: 初始化存储目录

mkdir -p ~/.openclaw/workspace/memory
echo '[]' > ~/.openclaw/workspace/memory/processed_emails.json

Step 3: 创建定时任务

方式一：使用脚本（推荐）

Cron 任务只需执行简单逻辑：

调用 python process_email.py fetch 获取未处理邮件
对每封邮件执行指令
调用 python process_email.py reply \x3Cuid> \x3C结果> 回复结果

方式二：直接用 LLM（当前方式）

保持现有指令模板即可，脚本作为备用/调试工具。

脚本用法

# 获取未处理邮件
python process_email.py fetch

# 回复邮件（内容直接提供）
python process_email.py reply \x3Cuid> "执行结果内容"

# 回复邮件（从文件读取内容）
python process_email.py reply \x3Cuid> --file result.txt

# 标记邮件为已处理（不回复）
python process_email.py mark \x3Cuid>

常见问题

Q: 如何测试脚本？

cd ~/.agents/skills/email-cron-handler/scripts
python process_email.py fetch

Q: 授权码在哪里获取？ A: QQ 邮箱 → 设置 → 账户 → 开启 IMAP/SMTP 服务 → 获取授权码

Q: 脚本和 LLM 指令选哪个？ A:

脚本方式：稳定快速，适合简单场景
LLM 指令方式：灵活可扩展，适合复杂指令执行

安全使用建议

This skill will read a mailbox and can cause your agent to execute instructions embedded in emails; that is powerful but also dangerous if misused. Before installing or running it: - Do not place real/privileged credentials in plaintext config.json or pass them in cron payloads. Use an app-specific token, a dedicated throwaway mailbox, or a secure secret store (OS keychain / secrets manager) and avoid embedding secrets in scheduler payloads or agent turns. - Prefer the provided Python script (fetch/reply) to run in a tightly sandboxed environment and avoid giving the LLM direct authorization to 'execute' commands. If you must automate, restrict the allowed command set to a whitelist of safe operations and implement explicit parsing/validation rather than treating the whole email body as executable instructions. - Avoid scheduling regular autonomous agent turns that include secrets; if using a scheduler, ensure payloads do not contain credentials and that the execution environment enforces strict egress/network controls and logging policies. - Use a dedicated, low-privilege mailbox for testing; rotate credentials often; log and monitor outgoing SMTP activity. - If you want to proceed safely, request changes from the skill author (or modify locally): remove credential embedding in cron payloads, make whitelist_sender an explicit list, implement explicit allowed-command parsing, and store secrets in a secure store. Confidence is high that these are genuine risks (design choices rather than mere bugs). Additional information that would reduce risk: (1) confirmation that the agent never receives credentials in runtime payloads and that only the local script runs (no LLM execution), (2) use of secure secret storage for IMAP/SMTP credentials, and (3) an allowlist of permitted commands with sandboxing for any action the agent performs.

功能分析

Type: OpenClaw Skill Name: email-cron-handler Version: 1.0.0 The skill bundle implements a remote command execution (RCE) framework that uses email (IMAP/SMTP) as a command-and-control (C2) channel. The instructions in 'SKILL.md' and 'references/01-config-template.md' direct the AI agent to fetch emails from a whitelisted sender and execute the body of those emails as arbitrary instructions, effectively creating a remote shell. While the tool includes a whitelist mechanism and is framed as an automation utility, the combination of external command execution and provided 'cron' templates for persistence creates a high-risk environment similar to a backdoor or remote access trojan (RAT).

能力评估

ℹ Purpose & Capability

The files (SKILL.md, config template, and process_email.py) match the stated purpose: fetching IMAP mail, filtering by sender, replying via SMTP, and enabling email-driven automation. However, the design mixes two execution paths: (a) a benign helper script that only fetches/replies, and (b) explicit agent/LLM payload templates that instruct the model to 'execute the instruction' found in email. Requiring the agent to execute arbitrary emailed instructions broadens capability beyond what a conservative 'mail fetch/reply' helper would need.

⚠ Instruction Scope

SKILL.md and the reference template explicitly tell the LLM to read local processed_emails.json, fetch up to 50 messages, parse the email body as an instruction, '尝试执行该指令（查询天气/搜索信息/执行操作等）', and always reply. That grants the agent very broad discretion to perform arbitrary tasks derived from potentially untrusted email content. The cron/payload examples embed full IMAP/SMTP credentials into the agent turn payload, which would transmit secrets to whatever cron/agent execution system handles that payload.

✓ Install Mechanism

No install step or networked downloads are used; this is an instruction-only skill with one local Python script. That minimizes installer risk (nothing downloaded/extracted), but the code and instructions still request/handle secrets and schedule autonomous runs.

⚠ Credentials

The skill asks you to store your email and password/authorization code in a plaintext config.json and to embed those values into cron payloads. While IMAP/SMTP credentials are functionally needed to read/send email, the skill does not use secure secret storage or recommend safe practices, and the cron payload design causes credentials to be placed in scheduler metadata and in the agent turn (likely visible to logs or an execution service). The skill also does not declare these as required env vars (it uses a local file), which reduces clarity about where secrets will live.

⚠ Persistence & Privilege

always:false, but the provided cron examples schedule autonomous agent turns that include credentials and instructions to execute arbitrary commands. Regular autonomous invocation with embedded secrets materially increases blast radius (credentials could be logged, stored, or observed by the scheduler/execution environment). The skill does not modify other skills or system configs, but its recommended scheduling practice is risky.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install email-cron-handler
安装完成后，直接呼叫该 Skill 的名称或使用 /email-cron-handler 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of email-cron-handler: - Automates processing of command emails via IMAP/SMTP and replies with execution results. - Supports scheduled mailbox monitoring, sender whitelisting, and execution status feedback (success/failure/timeout). - Provides example configuration and documentation for quick setup. - Includes scripts for fetching, replying to, and marking processed emails.

元数据

Slug email-cron-handler

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题