← 返回 Skills 市场
nmail
作者
Harlockius
· GitHub ↗
· v0.2.0
· MIT-0
119
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install nmail
功能描述
Command-line tool to send, read, and manage Korean Naver and Daum emails via nmail with JSON outputs and account configuration.
安全使用建议
Things to check before installing or enabling this skill:
- Verify binary provenance: the registry metadata contains no install spec even though a full Go source tree is included and README suggests 'brew' or 'go install'. If you will run a prebuilt nmail binary, obtain it from a trusted source (official GitHub release or build the source yourself and inspect it). Do not run an unverified binary.
- Credentials: nmail stores app passwords in ~/.nmail/config.yaml (0600). That is expected for an email client but is sensitive. If possible, prefer using system keychain storage or ensure the agent process is trusted and the config file is protected.
- Declared dependencies mismatch: SKILL.md shows piping watch output into the external 'openclaw' CLI, but the skill metadata does not declare that binary as required. If an agent automates this, ensure the openclaw CLI used is the one you expect.
- Build & review: because source is present, consider auditing or building the Go code locally and verifying behavior (especially config file handling and network connections to IMAP/SMTP hosts) before granting runtime access.
- If you need lower blast radius: run the nmail binary in an isolated environment (container or dedicated agent role) and avoid giving the agent access to unrelated files or credentials.
Given the inconsistencies (missing install spec, undeclared binaries, plaintext config), proceed only after verifying the binary/source and considering how app passwords are stored.
功能分析
Type: OpenClaw Skill
Name: nmail
Version: 0.2.0
The nmail skill bundle is a legitimate CLI tool designed for managing Korean email services (Naver, Daum) via IMAP and SMTP. The code implements standard email operations including account configuration, inbox listing, message reading, searching, and sending, with specific support for Korean character encodings (EUC-KR). Credentials are stored locally in `~/.nmail/config.yaml` with appropriate file permissions (0600). No evidence of data exfiltration, unauthorized network calls, or malicious prompt injection was found; the instructions in SKILL.md correctly guide the agent on how to use the tool for its stated purpose.
能力评估
Purpose & Capability
The name/description match the code: a CLI for Naver/Daum IMAP/SMTP. However the package metadata claims 'instruction-only' with no required binaries, while SKILL.md requires the nmail binary in PATH and the repository includes full source code. README suggests brew/go installs yet no install spec is present in the registry metadata. This mismatch (source present but no install declared, binaries required but not listed) is inconsistent and worth verifying.
Instruction Scope
SKILL.md instructions are scoped to adding accounts, listing inbox, reading/sending/searching mail, and optionally piping watch output into an OpenClaw system event. The doc explicitly tells users/agents to store app passwords via `nmail config add` and documents that app passwords are saved in ~/.nmail/config.yaml. It also shows integration using an external `openclaw` CLI. The instructions do not request unrelated files or hidden endpoints, but they do instruct the agent to handle sensitive credentials and to call an external 'openclaw' command that is not declared in the skill metadata.
Install Mechanism
No install spec is provided in the registry entry despite source files and README claiming install options (brew / go install / clawhub). Because the skill includes source but does not declare how the binary will be installed, the operator or agent would need to build or fetch a binary manually. Building/executing unverified binaries from source or installing a binary from an unspecified source increases risk if you don't control the build/install step.
Credentials
The skill requests no environment variables and does not demand unrelated credentials. However, it persistently stores account passwords (app passwords) in plaintext YAML at ~/.nmail/config.yaml (per code and SKILL.md). That is proportionate to an email client but is sensitive: installing this skill and running the provided commands will place credentials on disk in a local file. Also SKILL.md references piping into `openclaw` (another binary) which is not declared as a required dependency.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide agent settings. Autonomous invocation is allowed (the platform default) but not an additional red flag here. The primary persistence is local config (~/.nmail/config.yaml) which is normal for an email client.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install nmail - 安装完成后,直接呼叫该 Skill 的名称或使用
/nmail触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.2.0
feat: search + watch commands, UIDNEXT polling for Naver IMAP
v0.1.1
docs: add brew/go install instructions, CONTRIBUTING.md
v0.1.0
Initial release: Naver email support (inbox, read, send)
元数据
常见问题
nmail 是什么?
Command-line tool to send, read, and manage Korean Naver and Daum emails via nmail with JSON outputs and account configuration. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 119 次。
如何安装 nmail?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install nmail」即可一键安装,无需额外配置。
nmail 是免费的吗?
是的,nmail 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
nmail 支持哪些平台?
nmail 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 nmail?
由 Harlockius(@harlockius)开发并维护,当前版本 v0.2.0。
推荐 Skills