← 返回 Skills 市场
Email (Python
144
总下载
1
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install email-tool-skill
功能描述
Send mail with Python stdlib smtplib (SMTP_SSL to smtp.yeah.net:465). Documented account [email protected] with embedded client auth code; standalone script...
使用说明 (SKILL.md)
Email (Python smtplib, NetEase yeah.net)
This skill is documentation only: the agent writes a standalone Python file (for example /tmp/send_email.py), runs python3 /tmp/send_email.py …, and relies on stdlib only (smtplib, email.mime). Nothing else in this skill folder is required.
Why this pattern
- No TTY prompts: the SMTP session is a straight TCP/TLS login; it does not depend on an interactive terminal or CLI mail tools that may error with “cannot prompt item from list”.
- One-shot execution:
python3 /path/to/send_email.pyfrom any cwd. - No extra pip packages: standard library only.
- Contrast: a separate
bash …/email send …wrapper around another binary can hit TTY or pager issues in automated runners; this approach avoids that class of failures.
NetEase yeah.net SMTP (fixed for this workspace)
| Item | Value |
|---|---|
| SMTP host | smtp.yeah.net |
| Port | 465 (implicit TLS) |
| Python API | smtplib.SMTP_SSL(host, port, timeout=…) |
| Account (From / login user) | [email protected] |
| Client authorization code (SMTP password) | LWyx439sqLGuU68u |
Use the client authorization code from the NetEase mail settings, not the web-login password alone if the provider requires a separate client password.
Reference implementation (copy → edit recipient / subject / body)
Save as /tmp/send_email.py (or any path), then run with python3 /tmp/send_email.py \x3Cto> \x3Csubject> \x3Cbody>.
#!/usr/bin/env python3
import smtplib
import sys
from email.mime.text import MIMEText
from email.mime.multipart import MIMEMultipart
SMTP_SERVER = "smtp.yeah.net"
SMTP_PORT = 465
SENDER_EMAIL = "[email protected]"
SENDER_PASSWORD = "LWyx439sqLGuU68u"
def send_plain_email(receiver_email: str, subject: str, body: str) -> None:
message = MIMEMultipart("alternative")
message["Subject"] = subject
message["From"] = SENDER_EMAIL
message["To"] = receiver_email
part = MIMEText(body, "plain", "utf-8")
message.attach(part)
server = smtplib.SMTP_SSL(SMTP_SERVER, SMTP_PORT, timeout=30)
try:
server.login(SENDER_EMAIL, SENDER_PASSWORD)
server.send_message(message)
finally:
server.quit()
if __name__ == "__main__":
if len(sys.argv) \x3C 4:
sys.stderr.write(
"usage: python3 send_email.py \x3Cto> \x3Csubject> \x3Cbody>\
"
)
sys.exit(1)
send_plain_email(sys.argv[1], sys.argv[2], sys.argv[3])
Flow the agent should follow:
- Write the file (constants above already match this workspace’s yeah.net account).
- Run:
python3 /tmp/send_email.py "recipient@domain" "Subject line" "Plain text body"(quote arguments with spaces). - On exception, print or return the error string to the user.
Optional variants
- UTF-8 subjects / long bodies: keep
MIMEText(..., "plain", "utf-8"); if the subject needs encoding beyond ASCII, use encoded-word headers per RFC 2047 or switch toEmailMessage+set_contentwith the same SMTP steps. - Weather or other dynamic body: build the
bodystring in Python beforesend_plain_email.
Other NetEase domains
163 / 126 usually use smtp.163.com / smtp.126.com, port 465, same SMTP_SSL pattern; replace host and credentials accordingly.
Credential note
This file embeds live SMTP credentials by explicit workspace choice. Anyone with read access to this markdown can send mail as [email protected]. If this tree is copied to a public repository, rotate the NetEase client authorization code and update SENDER_PASSWORD here.
安全使用建议
This skill is coherent with its stated purpose (sending email via smtp.yeah.net), but it embeds a live SMTP account and client-authorization code directly in the SKILL.md. Before installing or using it, consider the following:
- Treat the embedded credentials as a secret leak: anyone with read access can send mail as [email protected]. If the repository/tree is or becomes public, rotate/revoke that client authorization code immediately.
- Prefer not to run documentation that writes and executes a script containing plaintext credentials. Safer alternatives: store SMTP password in an environment variable or secret manager and update the instructions to read it from there.
- Confirm you (or your organization) control the [email protected] account. If you do not control it, do not use these credentials; using them could be unauthorized and could get the account suspended.
- Be aware of abuse risk: the skill allows sending arbitrary recipients and message bodies, which could be used for spam or data exfiltration. Limit who can invoke the skill and audit usage/logs if possible.
- If you need this capability, request the author replace the hard-coded SENDER_PASSWORD with a required secret (e.g., requires.env) or provide a configuration step that uses a secure secret store. If you inherit this skill from an internal workspace, verify access controls and rotate credentials if the skill was copied to a public place.
Confidence is medium because the behavior is internally coherent for the stated purpose, but embedding live credentials in documentation is an unusual design choice that could be legitimate for a private workspace or a careless disclosure; additional context about the skill's intended visibility (private workspace vs public registry) and ownership would raise confidence.
功能分析
Type: OpenClaw Skill
Name: email-tool-skill
Version: 1.0.0
The skill provides a functional Python script and instructions for sending emails via the NetEase (yeah.net) SMTP service. It contains hardcoded plaintext credentials ([email protected] / LWyx439sqLGuU68u) within SKILL.md, which is a significant security risk and could be abused for unauthorized mail relay or phishing. While the behavior is aligned with the stated purpose, the inclusion of live credentials and the pattern of writing/executing scripts from /tmp are high-risk practices.
能力评估
Purpose & Capability
Name/description match the instructions: the skill documents how to send mail with Python's smtplib to smtp.yeah.net on port 465 and requires only python3. Requiring python3 and standard-library code is proportionate to the stated purpose. However, the SKILL.md embeds a specific From address and an SMTP client authorization code (SENDER_PASSWORD) in plaintext, which is unusual for a reusable/public skill.
Instruction Scope
The runtime instructions tell the agent to write a standalone Python script (e.g. /tmp/send_email.py) that contains hard-coded credentials and then execute it. The actions themselves (write file, run python3) are within the email-sending scope, but embedding live credentials in the documentation and instructing the agent to execute a script using those credentials expands the skill's impact: anyone who follows the instructions or has read access can send arbitrary mail from that account. The instructions also permit arbitrary message bodies and recipients, which increases abuse potential (phishing, spam, exfiltration).
Install Mechanism
This is an instruction-only skill with no install spec and no code files; that is low-risk from an install perspective. It relies only on python3 being present and uses the Python standard library (no external downloads or package installs).
Credentials
The skill declares no required environment variables but includes explicit credentials (SENDER_EMAIL and SENDER_PASSWORD) inside SKILL.md. Asking the user for no secrets while embedding live credentials in the skill is disproportionate/unusual and creates a secret disclosure risk. Best practice would be to require a single SMTP credential via an env var or secret store rather than publishing credentials in the doc.
Persistence & Privilege
The skill does not request always: true, does not install persistent components, and does not modify other skills or system-wide settings. It is user-invocable and allows autonomous model invocation by default (the platform normal), which combined with the embedded credentials increases potential blast radius but is not itself an exceptional privilege.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install email-tool-skill - 安装完成后,直接呼叫该 Skill 的名称或使用
/email-tool-skill触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Major update: Replaced previous multi-provider, feature-rich email skill with documentation for a minimal, Python stdlib-based standalone mail script targeting smtp.yeah.net.
- All code and config files removed; skill is now "documentation only" and instructs the agent to write/run a standalone `/tmp/send_email.py` per invocation.
- SMTP account fixed to [email protected] with embedded client authorization code.
- No dependency on local bash wrappers, external mail tools, or pip packages.
- Emphasized non-interactive, stdlib-only approach to avoid TTY and automation issues.
元数据
常见问题
email-skill 是什么?
Send mail with Python stdlib smtplib (SMTP_SSL to smtp.yeah.net:465). Documented account [email protected] with embedded client auth code; standalone script... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 144 次。
如何安装 email-skill?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install email-tool-skill」即可一键安装,无需额外配置。
email-skill 是免费的吗?
是的,email-skill 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
email-skill 支持哪些平台?
email-skill 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 email-skill?
由 WGY2e(@wgy2e)开发并维护,当前版本 v1.0.0。
推荐 Skills