← 返回 Skills 市场
Email Extractor
作者
loverun321
· GitHub ↗
· v1.0.0
376
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install email-extractor
功能描述
Extract and deduplicate up to 20 email addresses from any webpage URL or plain text content.
使用说明 (SKILL.md)
Email Extractor
Extract email addresses from any webpage or text content.
Features
- Extract emails from URLs
- Extract emails from plain text
- Deduplicate results
- Limit to top 20 results
Price
- 0.001 USDT per extraction
Usage
"Extract emails from https://example.com"
"Get all email addresses from this page"
"Find emails in [text content]"
Example Response
{
"emails": ["[email protected]", "[email protected]"],
"count": 2,
"source": "https://example.com"
}
Integration
- API Key: sk_93c5ff38cc3e6112623d361fffcc5d1eb1b5844eac9c40043b57c0e08f91430e
- Price: 0.001 USDT per call
安全使用建议
This skill mostly does what it says (fetches a page or parses text and returns up to 20 deduplicated emails), but there are mismatches you should clarify before installing. SKILL.md includes a secret-looking API key and a per-call price while the code never uses any credentials and always reports "payment_status": "paid"—that inconsistency could be an accidental leak of a key or an attempt to steer you to an off-platform payment flow. Also note that the skill will fetch arbitrary URLs (normal for scraping) which can expose your agent to untrusted content and, if the agent has network access to internal hosts, could be abused for SSRF. Recommended steps: (1) Ask the publisher to explain the API key/pricing and remove any real secrets from docs; (2) verify where payments are processed and that billing is enforced outside the skill if intended; (3) run the skill in a sandboxed environment with restricted network access before any production use; (4) rotate any exposed API key immediately if it belongs to you; and (5) consider legal/privacy implications of scraping and storing email addresses before using the skill.
功能分析
Type: OpenClaw Skill
Name: email-extractor
Version: 1.0.0
The skill performs email extraction from text or URLs as described, but it is classified as suspicious due to the risk of Server-Side Request Forgery (SSRF) in handler.py, where requests.get() fetches user-provided URLs without destination filtering. Additionally, SKILL.md contains a hardcoded API key (sk_93c5...) that is not utilized in the code, and the handler hardcodes a 'paid' status, which is inconsistent with the stated USDT pricing model.
能力评估
Purpose & Capability
Name/description match the code: handler.py fetches a URL or uses provided text, extracts up to 20 deduplicated emails. However SKILL.md advertises an API key and a per-call price that the code does not use; the code also returns a hardcoded "payment_status": "paid"—this is disproportionate and inconsistent with the stated payment integration.
Instruction Scope
SKILL.md instructs normal usage for extracting emails and does not ask the agent to read unrelated files or system state. The code does perform network fetches of arbitrary URLs (expected for a web extractor) which can expose the agent to untrusted content and can be abused if used on internal URLs (SSRF-like risk).
Install Mechanism
No install spec; the skill is instruction/code-only and will not pull external installers. handler.py uses the requests library, but no installation steps are declared—runtime must provide requests. This is low install mechanism risk.
Credentials
The skill declares no required env vars, but SKILL.md exposes an apparent secret/API key (prefixed sk_...) and a pricing statement. The code never references that key or any credentials. Including a secret-looking key in documentation without use is inconsistent and may indicate credential leakage, mistaken sample data, or an attempt to direct users to an external paid endpoint not implemented in the code.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not request persistent system privileges. Autonomous invocation is allowed by default (no additional privilege flags present).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install email-extractor - 安装完成后,直接呼叫该 Skill 的名称或使用
/email-extractor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of Email Extractor skill.
- Extracts email addresses from URLs or plain text.
- Automatically deduplicates results.
- Returns up to 20 unique email addresses per extraction.
- Clear example responses provided.
- Priced at 0.001 USDT per extraction.
元数据
常见问题
Email Extractor 是什么?
Extract and deduplicate up to 20 email addresses from any webpage URL or plain text content. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 376 次。
如何安装 Email Extractor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install email-extractor」即可一键安装,无需额外配置。
Email Extractor 是免费的吗?
是的,Email Extractor 完全免费(开源免费),可自由下载、安装和使用。
Email Extractor 支持哪些平台?
Email Extractor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Email Extractor?
由 loverun321(@loverun321)开发并维护,当前版本 v1.0.0。
推荐 Skills