← 返回 Skills 市场
454
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install gmailcleanerv2
功能描述
Read/search Gmail via gog CLI (preferred) or Python scripts (fallback). Inbox check, email search, content retrieval, IMAP support.
使用说明 (SKILL.md)
email-reader
Cuándo usar
Usuario pide revisar inbox, buscar correos, leer mensajes, listar carpetas, o ver emails recientes.
Backend A — gog CLI (preferido)
Setup (una vez)
brew install steipete/tap/gogcli
gog auth credentials /ruta/credentials.json
gog auth add $GOG_ACCOUNT --services gmail
Comandos
# No leídos (acción por defecto)
gog gmail search 'in:inbox is:unread' --max 5 --format minimal --json --no-input
# Búsqueda por criterio
gog gmail search '\x3Cquery>' --max 10 --format minimal --json --no-input
# Correo completo
gog gmail get \x3CID> --format full --json --no-input
# Hilo completo
gog gmail thread \x3CTHREAD_ID> --format minimal --json --no-input
Queries útiles
# Carpetas sistema
'in:inbox newer_than:1d' 'in:spam newer_than:30d'
'in:sent newer_than:7d' 'is:starred'
# Etiquetas personalizadas
'label:Clientes' 'label:Facturas newer_than:90d'
# Filtros
'from:[email protected] is:unread'
'subject:propuesta newer_than:7d'
'has:attachment in:inbox newer_than:7d'
Operadores Gmail
from: to: subject: label: is:unread is:starred has:attachment
newer_than:Nd older_than:Nd in:inbox in:sent after:YYYY/MM/DD
Backend B — Python (fallback)
Setup (una vez)
pip install google-api-python-client google-auth-oauthlib beautifulsoup4 cryptography
python3 scripts/auth.py # OAuth → genera token.json cifrado
Comandos
python3 scripts/fetch_emails.py --label INBOX --max 50
python3 scripts/fetch_emails.py --label INBOX --unread-only --max 20
python3 scripts/fetch_emails.py --label INBOX --since 2026-01-01
python3 scripts/fetch_emails.py --label INBOX --from [email protected]
python3 scripts/fetch_emails.py --label SPAM --max 100
python3 scripts/fetch_emails.py --label Clientes --max 30
python3 scripts/list_folders.py # listar etiquetas
python3 scripts/fetch_thread.py --thread-id \x3CID> # hilo completo
python3 scripts/imap_fetch.py --host imap.outlook.com --folder INBOX # no-Gmail
Flujo
- Detectar backend:
command -v gog &>/dev/null && BACKEND=gog || BACKEND=python - Construir query desde intent del usuario — preguntar si ambiguo
- Ejecutar con
--max Nconservador (default 5-10) - Parsear JSON → presentar: remitente, asunto, fecha, preview + ID
- Ofrecer: leer completo, refinar búsqueda, actuar
Reglas
- SIEMPRE
--json+--no-input; nunca mostrar JSON crudo - Default
--max 5; subir solo si usuario pide más - Preservar IDs para acciones posteriores
- Sin resultados → sugerir query más amplio
- Solo lectura; enviar/responder → email-responder
Errores
gogmissing →brew install steipete/tap/gogcliGOG_ACCOUNTunset → pedir Gmail al usuario- Token expired →
gog auth add \x3Cemail>/python3 scripts/auth.py
安全使用建议
What to consider before installing:
- Metadata mismatch: The registry metadata for required env vars appears malformed; ask the publisher for corrected/complete required env variable names and a clear list of permissions the skill needs.
- Broad capabilities: Although the top-level description says 'read/search Gmail', the package contains organizer/responder/scheduler scripts that can move/delete messages, create/send drafts, and schedule cron/heartbeat jobs. Only install if you accept those actions and understand they can modify your mailbox.
- Credentials & files: The Python code performs OAuth and writes encrypted token files (token.json, token.key) to disk. Confirm where these files will be stored and whether you accept that location and file permissions. Ensure you use a dedicated account or sandbox if you are unsure.
- Third-party install risk: The gog CLI is installed from steipete/tap via Homebrew — inspect that tap/formula source before installing to ensure it's trustworthy. The Python fallback uses packages including anthropic; the analyzer/responder require an ANTHROPIC_API_KEY if used.
- Automation & confirmations: Some CLI examples use --no-input and batch xargs pipelines. Even though many scripts demand explicit confirmations, examples show how to run destructive batch ops non-interactively. If you enable scheduling, double-check cron/heartbeat entries and keep audit logs enabled.
Recommended next actions:
- Request corrected registry metadata and a clear manifest of required env vars (GOG_ACCOUNT, GMAIL_CREDENTIALS_PATH, GMAIL_TOKEN_PATH/GMAIL_KEY_PATH, ANTHROPIC_API_KEY, IMAP_USER/IMAP_PASSWORD if used).
- Inspect the Homebrew formula source (steipete/tap/gogcli) before installing.
- If possible, test on a throwaway Gmail account first and avoid enabling scheduler/cron until you validate behavior.
- If you only need read/search, prefer using the gog CLI backend interactively and avoid installing or running the Python fallback and scheduler components.
- If you are not comfortable with the above inconsistencies or with granting send/modify/scheduling capabilities, do not install.
If you want, I can: (a) list exactly which env vars and files the code reads/writes, (b) show the Homebrew formula URL to inspect, or (c) produce a minimal 'read-only' variant by removing scheduling/responder/organizer scripts.
功能分析
Type: OpenClaw Skill
Name: gmailcleanerv2
Version: 1.0.0
The skill bundle is designed for comprehensive email management, including reading, organizing, analyzing, and responding. It uses broad Gmail API scopes (read, modify, compose) and executes shell commands via `gog` CLI, often piped with `jq` and `xargs`. While these capabilities are necessary for its stated purpose, the broad API permissions and the use of `xargs` (even with controlled input like `.[].id`) present a vulnerability risk if the agent or its input were compromised. The `scheduler.py` script also includes an `--auto` flag that bypasses user confirmations for actions, which is a risky capability for automation. However, the `SKILL.md` files for `email-organizer` and `email-responder` explicitly instruct the agent to seek user confirmation for destructive or sending actions, and `email-analyzer/SKILL.md` even includes instructions for the agent to detect prompt injection patterns within emails. There is no clear evidence of intentional malicious behavior like unauthorized data exfiltration or hidden backdoors. The risks identified are primarily vulnerabilities that *could* be exploited, rather than proof of malicious intent, leading to a 'suspicious' classification.
能力评估
Purpose & Capability
The registry name/description and the top SKILL.md describe an email reader, but the bundle includes organizer, responder, scheduler, analyzer, reporter, and their Python scripts that perform destructive actions (trash/delete), create/send drafts, manage labels, and modify cron/heartbeat. Having those management/send/scheduling features is disproportionate if the published skill is intended only for reading/searching.
Instruction Scope
Runtime instructions tell the agent to run gog commands and Python scripts which is expected, but other SKILL.md files instruct editing ~/.openclaw/openclaw.json, adding cron/heartbeat entries, and running batch operations (jq|xargs) with --no-input. Those steps extend scope from 'read' to persistent automation and mailbox modifications; some example flows include irreversible deletes and automated scheduled actions.
Install Mechanism
Install uses a third-party Homebrew tap (steipete/tap/gogcli) to install 'gog' — not a built-in core formula. Python fallback instructions advise pip installing multiple packages (google-api-python-client, cryptography, anthropic, etc.). No arbitrary downloads/extract-from-unknown-URL were found, but the third-party brew tap raises moderate trust risk and should be inspected before installing.
Credentials
Registry metadata shows malformed env entries ("[object Object]") while SKILL.md and code reference multiple environment variables: GOG_ACCOUNT, GMAIL_CREDENTIALS_PATH, (and in code) GMAIL_TOKEN_PATH, GMAIL_KEY_PATH, ANTHROPIC_API_KEY, IMAP_USER/IMAP_PASSWORD, and others. Scripts require OAuth credentials and an encryption key file (token.key) and may create token files on disk. The declared env vars do not fully account for what the code actually uses, which is disproportionate and risky.
Persistence & Privilege
The skill is not always:true, but includes instructions and scripts to add cron/heartbeat entries and run continuous schedulers; combined with send/modify/delete capabilities this gives a path to persistent automated mailbox operations if the user enables scheduling. The code logs actions to an audit file under the workspace, but the presence of scheduling and send/delete capabilities increases the potential blast radius.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install gmailcleanerv2 - 安装完成后,直接呼叫该 Skill 的名称或使用
/gmailcleanerv2触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release for Gmail email reader skill:
- Enables read-only access to Gmail inbox and labels via gog CLI (preferred) or Python scripts (fallback).
- Supports searching, reading, and previewing emails; includes IMAP support.
- Provides setup and usage instructions for both backends.
- Returns results in JSON format, presenting sender, subject, date, and preview.
- Includes error handling for missing dependencies, credentials, and expired tokens.
- Conservatively returns a limited number of emails by default, with options to refine or expand queries.
元数据
常见问题
gmailcleanerfall 是什么?
Read/search Gmail via gog CLI (preferred) or Python scripts (fallback). Inbox check, email search, content retrieval, IMAP support. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 454 次。
如何安装 gmailcleanerfall?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install gmailcleanerv2」即可一键安装,无需额外配置。
gmailcleanerfall 是免费的吗?
是的,gmailcleanerfall 完全免费(开源免费),可自由下载、安装和使用。
gmailcleanerfall 支持哪些平台?
gmailcleanerfall 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 gmailcleanerfall?
由 Coorops25(@coorops25)开发并维护,当前版本 v1.0.0。
推荐 Skills