Okki Sync Mail

完整的邮件自动化解决方案，集成 OKKI CRM。支持 IMAP 邮件自动捕获、SMTP 发送邮件、dry-run 模式、发送日志、速率限制、定时发送、签名模板、邮件规则、连接池优化、邮件转发等功能。自动同步 inbound/outbound 邮件到 OKKI 创建跟进记录（remark_type=102）。

This skill mostly does what it says (IMAP/SMTP + OKKI), but take these concrete precautions before installing or providing credentials: - Audit the following files first: discord-review.js, auto-capture.js, scripts/smtp.js, scripts/imap.js, and any files that call child_process.exec/execSync. They handle external network calls and spawn other programs. - Do NOT place global or agent-level secrets in a parent .env. The code attempts to load ../../.env (discord-review.js); supply only a skill-local .env in the skill folder to avoid accidental leakage. - If you don't intend to use Discord review, do not set DISCORD_BOT_TOKEN or configure Discord; otherwise the skill will send email drafts/content to discord.com. The skill does not list DISCORD_BOT_TOKEN in its declared env requirements — this is an undeclared external endpoint. - Run the skill in an isolated/test environment first (use a disposable mailbox and disposable OKKI test credentials). Confirm that --dry-run works and that real sends are blocked until you explicitly approve. - Because the skill spawns python scripts using paths you supply (OKKI_CLI_PATH, VECTOR_SEARCH_PATH), ensure those paths point to audited/trusted scripts; an attacker-supplied path could run arbitrary code. - Consider restricting filesystem access (ALLOWED_READ_DIRS) and network egress for the environment running this skill, or review/modify the code to stop reading parent .env and to require explicit approval before any outbound network call. If you cannot audit the code or are uncomfortable with Discord/external posting or with parent .env access, treat this skill as unsafe to run with production credentials.

Type: OpenClaw Skill Name: okki-sync-mail Version: 2.0.1 The bundle is a comprehensive email automation and CRM synchronization tool for OKKI CRM. It is classified as suspicious because it utilizes `execSync` in `auto-capture.js` and `kb-retrieval.js` to execute local Python scripts with arguments derived from external email data (such as domains and search queries) without sufficient sanitization, creating a significant risk of command injection. While the skill includes proactive security instructions in `SKILL.md` to defend against prompt injection and implements path validation for file operations in `scripts/imap.js` and `scripts/smtp.js`, the combination of shell execution, broad file system access, and the transmission of sensitive email content to external APIs (OpenRouter and Discord) constitutes high-risk behavior. No evidence of intentional malice or data exfiltration to unauthorized endpoints was found.