← 返回 Skills 市场
chowardcode

Email Tool

作者 chowardcode · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
924
总下载
0
收藏
5
当前安装
3
版本数
在 OpenClaw 中安装
/install email-tool
功能描述
Send and search emails via Zoho using specified recipients, subject, body, and search queries with optional CC, BCC, and read marking.
使用说明 (SKILL.md)

Email Skill

Description: Use this skill to send and read emails (IMAP/SMTP). Designed for Zoho Mail but configurable. Capabilities: email.send, email.search

Tools

email.send

Send an email to one or more recipients.

Parameters:

  • to (string, required): Comma-separated list of recipients.
  • subject (string, required): The email subject.
  • body (string, required): The email body (HTML or plain text).
  • cc (string, optional): CC recipients.
  • bcc (string, optional): BCC recipients.

email.search

Search for emails in the inbox.

Parameters:

  • query (string, required): Search query (e.g. from:example.com, subject:Invoice).
  • limit (number, optional): Max results (default 10).
  • markRead (boolean, optional): Mark as read after fetching (default false).

Configuration (NO HARDCODED SECRETS)

This skill must not contain credentials.

It loads secrets from either:

  1. A JSON file at %OPENCLAW_SECRETS_DIR%/email-tool.json (recommended), or
  2. Environment variables (fallback).

Required keys:

  • EMAIL_USER
  • EMAIL_PASS

Optional (defaults shown):

  • HOST_IMAP (imap.zoho.com)
  • PORT_IMAP (993)
  • HOST_SMTP (smtp.zoho.com)
  • PORT_SMTP (465)
  • SECURE_SMTP (true)

If you are packaging/uploading this skill: run node scripts/secret-scan.js first.

安全使用建议
This skill appears to be an IMAP/SMTP email client for Zoho and contains source code that will read credentials from a secrets file or environment variables. Before installing: (1) verify and accept that the skill needs EMAIL_USER and EMAIL_PASS (the registry entry currently omits these), (2) confirm where you'll store the secrets (OPENCLAW_SECRETS_DIR or env) and ensure the secrets file is protected, (3) review the code yourself (noting the hardcoded sender name "Pestward Info") and ensure there are no unexpected network endpoints, and (4) ensure the platform will install the npm dependencies (nodemailer, imap-simple). If you do not trust the author or cannot provide the required credentials safely, do not install. If you need higher assurance, request the author to update registry metadata to declare required env vars and to explain the "Pestward Info" string or remove it.
功能分析
Type: OpenClaw Skill Name: email-tool Version: 1.0.2 The OpenClaw Email Skill is classified as benign. It adheres to good security practices by explicitly stating that no hardcoded secrets should be present and providing a `secret-scan.js` script to enforce this. Credentials are loaded securely from a dedicated secrets file or environment variables. The core functionality, implemented in `src/index.js` using `nodemailer` and `imap-simple`, is aligned with its stated purpose of sending and searching emails. Input parameters are handled in a way that prevents direct command or query injection, and there is no evidence of data exfiltration, persistence mechanisms, or prompt injection attempts against the AI agent in `SKILL.md`.
能力评估
Purpose & Capability
The skill implements sending and searching email over IMAP/SMTP (nodemailer + imap-simple), which is coherent with the description. However the registry metadata claims no required environment variables or primary credential while the SKILL.md and src/index.js clearly require EMAIL_USER and EMAIL_PASS (or an external secrets file). Also the outgoing From address in the code is hardcoded as "Pestward Info", which doesn't match the generic "Email Tool" branding and suggests leftover or repurposed code.
Instruction Scope
SKILL.md and src/index.js instruct the agent to load credentials from either a secrets JSON file at OPENCLAW_SECRETS_DIR (or ~/.openclaw/secrets/email-tool.json) or from environment variables. This requires reading a path in the user's home directory and accessing environment variables (OPENCLAW_SECRETS_DIR, EMAIL_USER, EMAIL_PASS, and optional HOST_/PORT_ vars). Those file/env accesses are reasonable for an email tool but they are not declared in the registry metadata, and the code reads from outside the skill folder (user home), which should be explicit/approved by the deployer.
Install Mechanism
No install spec is provided (instruction-only in registry), but the package includes code and a package.json/package-lock.json listing dependencies on well-known npm packages (nodemailer, imap-simple). Running this code requires those Node dependencies to be installed; absence of an install spec means the runtime or operator must ensure npm deps are installed. The packages themselves are standard for email and not unexpected.
Credentials
Functionally the skill requires EMAIL_USER and EMAIL_PASS and optionally OPENCLAW_SECRETS_DIR and HOST_/PORT_/SECURE settings — but the registry metadata lists no required env vars and no primary credential. That mismatch is significant: the skill will fail without credentials, yet nothing in the registry advertises that requirement or which env vars will be used. The skill also reads HOME/USERPROFILE implicitly to locate the secrets file.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide settings. It runs as a normal, user-invocable skill and can be invoked autonomously per platform defaults; this is expected for a utility skill. No extra persistent privileges are requested.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install email-tool
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /email-tool 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
v1.0.2: Removed hardcoded credentials; load secrets from external file/env; added secret-scan script.
v1.0.1
- Updated package metadata in package.json. - No changes to skill functionality or documentation.
v1.0.0
Initial release of email-tool skill. - Send emails via Zoho with support for to, cc, bcc, subject, and HTML/plain text body. - Search inbox emails with customizable queries, result limits, and optional mark-as-read. - Uses hardcoded Zoho email account credentials for configuration.
元数据
Slug email-tool
版本 1.0.2
许可证
累计安装 5
当前安装数 5
历史版本数 3
常见问题

Email Tool 是什么?

Send and search emails via Zoho using specified recipients, subject, body, and search queries with optional CC, BCC, and read marking. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 924 次。

如何安装 Email Tool?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install email-tool」即可一键安装,无需额外配置。

Email Tool 是免费的吗?

是的,Email Tool 完全免费(开源免费),可自由下载、安装和使用。

Email Tool 支持哪些平台?

Email Tool 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Email Tool?

由 chowardcode(@chowardcode)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论