← 返回 Skills 市场
Pilot Email Bridge
作者
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
78
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install pilot-email-bridge
功能描述
Send and receive emails via Pilot Protocol messaging. Use this skill when: 1. You need to send email notifications from Pilot agents 2. You want to receive e...
安全使用建议
This skill appears to do what it says (bridge Pilot messages to SMTP/IMAP), but there are some gaps you should resolve before installing:
- Credential handling: SKILL.md mentions 'email credentials' but the skill metadata declares no env vars. Ask the author how SMTP credentials are supplied and stored; never paste secrets into free-text fields. Prefer providing credentials via a clearly-scoped secret (an env var declared by the skill) rather than embedding them into webhooks.
- Exfiltration risk: The send-file and publish examples allow reading arbitrary local files and forwarding them to a webhook/SMTP relay. Only allow the skill to access files from explicitly permitted directories and audit what pilotctl will transmit. If possible, test in an isolated environment first.
- Webhook targets: Configure webhooks to trusted, authenticated relays (prefer localhost or internal relays) and avoid pointing them to third-party URLs unless you control them. The example uses both localhost and external URLs — prefer localhost/internal for testing.
- pilotctl provenance: Ensure the pilotctl binary on PATH is the official, up-to-date binary from a trusted source (pilotprotocol.network) to avoid running a tampered client that could leak data.
- Run safely: Try the skill in a sandbox or non-production agent, verify exactly which files and headers are sent, and confirm that authentication is required and enforced by your SMTP relay.
If the author can clarify how credentials are handled and limit file-access behavior, the inconsistencies would be resolved; until then, treat the skill as a potential exfiltration vector and proceed cautiously.
功能分析
Type: OpenClaw Skill
Name: pilot-email-bridge
Version: 1.0.0
The skill bundle provides an email bridge interface using the `pilotctl` binary, which includes high-risk capabilities such as sending local files to a remote relay (`send-file`) and configuring outbound webhooks (`set-webhook`). While these tools are plausibly required for the stated purpose, the potential for data exfiltration and the instruction in `SKILL.md` to execute an external background script (`smtp_relay_server.py`) not included in the bundle are significant risk factors. No clear evidence of intentional malice was found, but the broad file and network access capabilities warrant caution.
能力标签
能力评估
Purpose & Capability
The skill claims to bridge Pilot Protocol and email and correctly requires the pilotctl binary and a running daemon — that aligns with the stated purpose. However, SKILL.md also lists 'email credentials' as a dependency but the registry metadata declares no required environment variables or primary credential, creating an inconsistency about how SMTP authentication is provided.
Instruction Scope
The instructions tell the agent to set webhooks to arbitrary URLs, publish messages that may be relayed externally, and use 'pilotctl --json send-file email-relay /path/to/report.pdf' — which implies reading local files and sending them through an external relay. This behavior is consistent with an email bridge but also enables exfiltration of arbitrary files if misused. The README also instructs launching an external 'python3 smtp_relay_server.py &' with no guidance about its security or authentication.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes supply-chain risk (nothing downloaded or written by the skill itself). It does, however, rely on an external binary (pilotctl) already on PATH.
Credentials
The SKILL.md says 'Requires ... email credentials' but the skill metadata declares no required environment variables or primary credential. There is no clear, declared mechanism for supplying SMTP auth, API keys, or where they should be stored, which is a meaningful omission for an email bridge that will authenticate to relays.
Persistence & Privilege
The skill is not always-enabled and uses default model-invocation behavior (agent may call it autonomously, which is normal). It does not request persistent system configuration or modify other skills' settings in the instructions provided.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install pilot-email-bridge - 安装完成后,直接呼叫该 Skill 的名称或使用
/pilot-email-bridge触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Pilot Email Bridge 是什么?
Send and receive emails via Pilot Protocol messaging. Use this skill when: 1. You need to send email notifications from Pilot agents 2. You want to receive e... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 78 次。
如何安装 Pilot Email Bridge?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install pilot-email-bridge」即可一键安装,无需额外配置。
Pilot Email Bridge 是免费的吗?
是的,Pilot Email Bridge 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Pilot Email Bridge 支持哪些平台?
Pilot Email Bridge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Pilot Email Bridge?
由 Calin Teodor(@teoslayer)开发并维护,当前版本 v1.0.0。
推荐 Skills