← 返回 Skills 市场

Email Header Analyser

Name: Email Header Analyser
Author: krishnakumarmahadevan-cmd

作者 ToolWeb · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

117

总下载

当前安装

版本数

在 OpenClaw 中安装

/install email-header-analyser

功能描述

Analyzes email headers to extract authentication, routing, and security metadata for threat detection and email forensics.

使用说明 (SKILL.md)

Overview

The Email Header Analyser API provides deep inspection and forensic analysis of email message headers. Security professionals, incident responders, and email administrators use this tool to identify spoofing attempts, trace message routing, validate authentication protocols (SPF, DKIM, DMARC), and detect malicious headers.

Email headers contain critical metadata that reveals the true origin of messages, intermediate mail servers, and authentication status. This API parses raw headers and extracts actionable intelligence for phishing investigations, compliance audits, and email security operations.

Ideal users include SOC analysts, email security teams, incident response professionals, forensic investigators, and organizations requiring email authentication verification and threat intelligence capabilities.

Usage

Sample Request

{
  "header": "Received: from mail.example.com (mail.example.com [192.0.2.1]) by mx.targetdomain.com with SMTP id abc123; Wed, 15 Jan 2025 10:30:45 +0000\
From: [email protected]\
To: [email protected]\
Subject: Security Analysis\
Authentication-Results: targetdomain.com; spf=pass [email protected]; dkim=pass header.d=example.com; dmarc=pass\
Return-Path: \[email protected]>\
Date: Wed, 15 Jan 2025 10:30:45 +0000"
}

Sample Response

{
  "sender_ip": "192.0.2.1",
  "sender_domain": "mail.example.com",
  "from_address": "[email protected]",
  "to_address": "[email protected]",
  "received_servers": [
    {
      "hostname": "mail.example.com",
      "ip": "192.0.2.1",
      "timestamp": "2025-01-15T10:30:45Z"
    },
    {
      "hostname": "mx.targetdomain.com",
      "ip": null,
      "timestamp": null
    }
  ],
  "authentication": {
    "spf": "pass",
    "dkim": "pass",
    "dmarc": "pass"
  },
  "subject": "Security Analysis",
  "date": "2025-01-15T10:30:45Z",
  "return_path": "[email protected]",
  "suspicious_indicators": []
}

Endpoints

POST /analyze-header

Analyzes a raw email header to extract authentication, routing, and security metadata.

Method: POST
Path: /analyze-header

Request Parameters:

Parameter	Type	Required	Description
header	string	Yes	Raw email header text containing one or more Received headers, authentication headers, and message metadata.

Response Schema:

The response contains extracted header analysis including:

Field	Type	Description
sender_ip	string	IP address of the originating mail server.
sender_domain	string	Hostname of the originating mail server.
from_address	string	Email address in the From header.
to_address	string	Email address in the To header.
received_servers	array	List of mail servers in the routing path with hostname, IP, and timestamp.
authentication	object	Authentication protocol results (spf, dkim, dmarc status).
subject	string	Email subject line.
date	string	Message date in ISO 8601 format.
return_path	string	Return-Path header value.
suspicious_indicators	array	List of detected anomalies or security concerns.

Status Codes:

200: Successful analysis returned.
422: Validation error—header field missing or invalid.

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/security/email-header-analyser
API Docs: https://api.mkkpro.com:8016/docs

安全使用建议

This skill appears to be a thin API descriptor that points at third-party hosts (api.mkkpro.com, toolweb.in) but does not declare the server URL in OpenAPI or any required API keys. Before installing or using it: (1) confirm who operates the api.mkkpro.com/toolweb.in endpoints and read their privacy/security policy; (2) assume any header text you submit will be transmitted off‑host — email headers can contain PII and internal network information, so do not submit production or sensitive headers until you trust the endpoint; (3) ask the skill author to include the API server(s) in openapi.json, declare required credentials, and document how data is handled, retained, and protected; (4) if you need offline/local analysis, prefer a skill or tool that runs parsing code locally or provide your own self‑hosted endpoint; (5) test with synthetic headers first. If the author cannot provide clear hosting/authentication/privacy details, treat the skill as unsafe for sensitive data.

功能分析

Type: OpenClaw Skill Name: email-header-analyser Version: 1.0.0 The bundle provides documentation and an OpenAPI specification for an external 'Email Header Analyser API'. It contains no executable code, only descriptive markdown (SKILL.md) and a standard API schema (openapi.json) for parsing email headers. No malicious instructions, data exfiltration patterns, or prompt injection attempts were found.

能力评估

⚠ Purpose & Capability

The SKILL.md and openapi describe an API-based email header analyzer and list external hostnames (api.mkkpro.com, toolweb.in). However the skill declares no servers in the OpenAPI, no install, and no required credentials. If this skill is expected to call a third‑party API, it should declare the server URL and any required API keys. The absence of those items is inconsistent with a hosted API integration.

⚠ Instruction Scope

The instructions describe accepting raw email headers and returning parsed forensic results. They do not instruct reading local files or env vars, which is good, but they implicitly direct the agent to use an external service (links and a Kong route are provided). That means sensitive email headers (containing IPs, addresses, possibly internal routing info) would be transmitted to the listed third parties. There is no privacy notice, no explicit consent step, and no guidance to avoid sending production-sensitive headers.

ℹ Install Mechanism

This is an instruction-only skill with no install spec or code — lowest disk/write risk. However, because it appears to rely on an external API, the security surface is runtime network calls rather than local installation. That makes network destination and authentication the primary risk vectors.

⚠ Credentials

The skill lists pricing plans (Free/Developer/Professional/Enterprise) which implies an API that likely requires keys or an account, yet requires.env and primary credential are empty. This omission is disproportionate: a hosted API integration should declare required credentials or clearly document how authentication is handled. The mismatch makes it unclear whether the skill will prompt users for credentials or silently transmit data.

✓ Persistence & Privilege

always is false and there are no declared actions that modify other skills or system settings. The skill can be invoked autonomously by the agent (platform default), which increases risk only in combination with the other concerns above, but autonomy alone is not flagged.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install email-header-analyser
安装完成后，直接呼叫该 Skill 的名称或使用 /email-header-analyser 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

Initial release of Email Header Analyser API. - Provides deep forensic analysis of raw email headers for authentication, routing, and security metadata. - Extracts key data such as sender IP/domain, subject, return path, authentication (SPF, DKIM, DMARC) results, and suspicious indicators. - Designed for security analysts, incident responders, and email admins. - POST /analyze-header endpoint for header analysis. - Detailed documentation and sample requests/responses included.

元数据

Slug email-header-analyser

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题