← 返回 Skills 市场
fruitmail — Apple Mail Search
作者
Rahul Sethuram
· GitHub ↗
· v1.1.0
· MIT-0
134
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install fruitmail
功能描述
Fast Apple Mail search via SQLite on macOS. Search emails by subject, sender, date, body, threads, attachments — results in ~50ms vs 8+ minutes with AppleScr...
使用说明 (SKILL.md)
Apple Mail Search
Search Apple Mail.app emails instantly via SQLite. ~50ms vs 8+ minutes with AppleScript.
Why This Exists
Apple Mail's AppleScript bridge enumerates every message object in memory before doing anything. At 100K+ emails, it just hangs — indefinitely. This has been broken for years and Apple hasn't fixed it.
| Method | Time for 110K emails |
|---|---|
| AppleScript iteration | Hangs forever |
| Spotlight/mdfind | Broken since Big Sur (emlx importer removed) |
| SQLite (this tool) | ~50ms |
Setup
Follow the instructions in references/install.md to install the mail-search script to your PATH. The script source is embedded there for portability.
Requires Full Disk Access for Terminal/shell to read ~/Library/Mail/.
Usage
mail-search subject "invoice" # Search subjects
mail-search sender "@amazon.com" # Search by sender email
mail-search from "John" # Search by sender display name
mail-search to "[email protected]" # Search sent mail
mail-search unread # List unread emails
mail-search recent 7 # Last 7 days
mail-search date-range 2025-01-01 2025-01-31 # Date range
mail-search attachments # Emails with attachments
mail-search thread 12345 # Full conversation thread
mail-search body 12345 # Read email body text
mail-search open 12345 # Open email in Mail.app
mail-search stats # Database statistics
Options
-n, --limit N Max results (default: 20)
-j, --json Output as JSON
-c, --csv Output as CSV
-q, --quiet No headers
--db PATH Override database path
--no-copy Query live DB (faster, slight risk if Mail.app writes simultaneously)
Examples
# Morning inbox check — unread as JSON for cron processing
mail-search unread --json | jq '.[].subject'
# Find supplier emails
mail-search sender "@example.com" -n 50
# Read the actual email body
mail-search body 116519
# Thread view — see full conversation
mail-search thread 116519
# Export last month to CSV
mail-search date-range 2026-02-01 2026-02-28 --csv > feb_emails.csv
# Quick stats
mail-search stats
How It Works
Queries Mail.app's internal Envelope Index SQLite database directly at:
~/Library/Mail/V{9,10,11}/MailData/Envelope Index
Safety: By default, copies the DB to a temp file before querying so there's no risk of corruption while Mail.app is running. Use --no-copy to skip this if you need raw speed.
Epoch detection: Auto-detects whether your DB uses Unix epoch or Apple CoreData epoch (offset by 978307200 seconds). Works correctly on both.
Body reading: The body command finds the .emlx file on disk and extracts plain text (falls back to stripped HTML). Requires python3.
Key Tables
messages— Email metadata (dates, flags, read status, foreign keys)subjects— Subject linesaddresses— Email addresses and display namesrecipients— TO/CC/BCC mappingsattachments— Attachment filenames and typesmailboxes— Folder/mailbox structure
Limitations
- Read-only — cannot compose or send (use AppleScript for that; single-message sends work fine)
- Metadata + body — bodies require the
.emlxfile to exist on disk (may be purged by Mail.app for old messages) - Apple Mail only — doesn't read Outlook, Spark, etc.
- macOS only — requires
~/Library/Mail/directory structure
Advanced: Raw SQL
For custom queries beyond what the CLI offers:
sqlite3 -header -column ~/Library/Mail/V10/MailData/Envelope\ Index "
SELECT m.ROWID, s.subject, a.address,
datetime(m.date_sent, 'unixepoch') as date
FROM messages m
JOIN subjects s ON m.subject = s.ROWID
LEFT JOIN addresses a ON m.sender = a.ROWID
WHERE s.subject LIKE '%your query%'
ORDER BY m.date_sent DESC
LIMIT 20;
"
Credits
Inspired by steipete's original apple-mail-search concept and tyler6204's safe-copy approach. This version adds body reading, thread support, epoch auto-detection, sent mail search, and bundles the actual executable script.
License
MIT
安全使用建议
This skill is coherent with its purpose (fast local search of Apple Mail), but the shipped shell script performs unescaped string interpolation into SQL and shell contexts. Before installing or automating it: 1) Review the script line-by-line (especially the SQL construction and the body/open commands). 2) Prefer the default behavior (copying the DB) and avoid --no-copy unless you trust inputs — querying the live DB plus injection could modify mail data. 3) If you will expose this to other actors or automate it, harden the script: validate that MSG_ID is an integer, avoid injecting user strings directly into SQL (use parameterized queries or ensure proper escaping), and safely quote filenames passed to python. 4) Only grant Full Disk Access to Terminal/shell if you trust the script. 5) If unsure, run the script against a copied/mounted test mailbox first or consider using a vetted third-party tool. If you want, I can point out the exact lines to change to reduce injection risk or provide a hardened version of the script.
功能分析
Type: OpenClaw Skill
Name: fruitmail
Version: 1.1.0
The skill provides a functional utility for searching Apple Mail via SQLite, but it contains security vulnerabilities that warrant a suspicious classification. Specifically, the 'mail-search' script in 'references/install.md' lacks input sanitization for the 'MSG_ID' parameter in the 'thread', 'body', and 'open' commands, making it vulnerable to SQL injection (e.g., '1; DROP TABLE messages;'). Furthermore, the 'body' command performs unsafe shell variable expansion of the '$EMLX' path within a 'python3 -c' execution string, which could lead to arbitrary code execution if a filename contains malicious characters. While these appear to be unintentional coding flaws rather than malware, they represent a significant attack surface for an AI agent.
能力评估
Purpose & Capability
Name/description match the actual behavior: the instructions and bundled shell script directly query Mail.app's Envelope Index via sqlite3 and read .emlx files. Required binaries (sqlite3, python3) and macOS-only restriction are appropriate and proportional.
Instruction Scope
The SKILL.md and script legitimately read ~/Library/Mail and .emlx files and ask for Full Disk Access — that's expected. However the script builds SQL queries and command lines by interpolating user-supplied values (e.g., SEARCH and MSG_ID) directly into SQL and shell commands without robust validation or parameterization. Examples: WHERE ... LIKE '%${SEARCH//\'/'\'}%' and WHERE ROWID = $MSG_ID; the body path is embedded into a python -c string as '$EMLX'. These patterns leave room for SQL injection or shell/argument injection, and if the user uses --no-copy the live DB could be affected. The script attempts a simplistic quote replacement for SEARCH but does not enforce numeric checks for MSG_ID or otherwise sanitize inputs fully.
Install Mechanism
Instruction-only skill with no automated installer; install instructions simply copy a script into ~/bin. No network downloads or arbitrary code fetches are performed by the skill itself, so install risk is low — but the user is explicitly asked to place the script on PATH, so they should review it before doing so.
Credentials
No credentials, environment secrets, or unrelated config paths are requested. The only privileged access required is Full Disk Access to read ~/Library/Mail, which is necessary to accomplish the stated purpose.
Persistence & Privilege
The skill is not force-enabled (always: false) and does not request persistent system-wide configuration changes. It is user-invocable only; autonomous invocation is allowed by default but not combined with additional privileges here.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install fruitmail - 安装完成后,直接呼叫该 Skill 的名称或使用
/fruitmail触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
v1.1.0: Embedded full mail-search script in references/install.md for portability (ClawHub doesn't bundle scripts/ binaries). Script includes all 12 commands with auto epoch detection and safe DB copy.
v1.0.0
Initial release: Fast Apple Mail search via SQLite (~50ms vs 8min+ AppleScript). Bundled mail-search CLI with 12 commands: subject, sender, from, to, unread, recent, date-range, attachments, thread, body, open, stats. JSON/CSV output. Auto epoch detection. Safe DB copy. Body reading via .emlx. Credits: steipete (concept), tyler6204 (safe-copy).
元数据
常见问题
fruitmail — Apple Mail Search 是什么?
Fast Apple Mail search via SQLite on macOS. Search emails by subject, sender, date, body, threads, attachments — results in ~50ms vs 8+ minutes with AppleScr... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 134 次。
如何安装 fruitmail — Apple Mail Search?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install fruitmail」即可一键安装,无需额外配置。
fruitmail — Apple Mail Search 是免费的吗?
是的,fruitmail — Apple Mail Search 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
fruitmail — Apple Mail Search 支持哪些平台?
fruitmail — Apple Mail Search 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin)。
谁开发了 fruitmail — Apple Mail Search?
由 Rahul Sethuram(@rhlsthrm)开发并维护,当前版本 v1.1.0。
推荐 Skills