← 返回 Skills 市场
1708
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install protom-bridge-email
功能描述
Send email through Proton Mail Bridge (localhost SMTP) using age-encrypted credentials. Use when setting up Proton Bridge for an agent mailbox, encrypting Bridge credentials (no 1Password), or sending automated emails (daily reports, alerts) via Proton Bridge.
安全使用建议
This skill appears to implement what it claims (encrypt an env file with age and send mail through local Proton Bridge), but the package metadata omits key runtime requirements. Before installing or running: (1) verify you have the 'age' binary and Python3 available; (2) confirm you are comfortable the script will read your age private key at ~/.config/age/keys.txt and the encrypted file at ~/clawd/secrets/proton.env.age (these paths are hard-coded); (3) inspect send_email.py (it calls the 'age' binary via subprocess and creates an unverified SSL context for localhost), and consider running it in an isolated environment or container if you are unsure; (4) do not store secrets on shared machines and keep file permissions restrictive; and (5) ask the publisher to update metadata to declare required binaries and config paths so the skill's expected privileges are explicit.
功能分析
Type: OpenClaw Skill
Name: protom-bridge-email
Version: 1.0.0
This skill is classified as suspicious due to its handling of sensitive credentials and execution of external commands. The `scripts/send_email.py` script decrypts `PROTON_BRIDGE_PASS` and other sensitive environment variables from `~/clawd/secrets/proton.env.age` using an `age` identity key from `~/.config/age/keys.txt` via `subprocess.check_output(['age', '-d', ...])`. While this is central to the skill's stated purpose of sending emails via Proton Mail Bridge, the direct decryption and use of sensitive credentials, combined with external command execution, represents a high-risk capability. There is no clear evidence of intentional malicious behavior like exfiltration to unauthorized endpoints, but the inherent risk of handling secrets in this manner warrants a 'suspicious' classification.
能力评估
Purpose & Capability
The skill claims to send mail via Proton Bridge using age-encrypted credentials and the code does exactly that, but the registry metadata lists no required binaries or config paths even though the runtime requires the 'age' binary and specific secret file locations (~/clawd/secrets/proton.env.age and ~/.config/age/keys.txt). The missing declarations are a mismatch between purpose and requested/assumed capabilities.
Instruction Scope
SKILL.md and scripts are narrowly scoped to: encrypt a plaintext env file with age and run a Python script that decrypts that file and sends mail to localhost SMTP. The scripts read the encrypted file and the user's age private key. The sender script intentionally allows self-signed/local certs (ssl._create_unverified_context) to accommodate Bridge on localhost — this is expected but reduces TLS verification and is worth noting.
Install Mechanism
There is no install spec (instruction-only plus two helper scripts). Nothing is downloaded or written by an install step; risk from install-time arbitrary code is low. The presence of code files means the scripts will run on the host when invoked.
Credentials
The skill does not declare any required environment variables or config paths, yet it requires access to specific local secret files (~/clawd/secrets/proton.env.age and ~/.config/age/keys.txt) and the 'age' binary. Requesting access to a user's private age key and decrypted credentials is proportionate to the stated function, but the omission from declared requirements is an incoherence and increases the chance a user will be surprised by what the skill accesses.
Persistence & Privilege
The skill is not set to always: true and does not request elevated or persistent system-wide privileges. It does run subprocess('age') and Python code at invocation, but it does not modify other skills or system configurations.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install protom-bridge-email - 安装完成后,直接呼叫该 Skill 的名称或使用
/protom-bridge-email触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial public release. Authored by Boilermolt + Boiler (Chris).
元数据
常见问题
Proton Bridge Email 是什么?
Send email through Proton Mail Bridge (localhost SMTP) using age-encrypted credentials. Use when setting up Proton Bridge for an agent mailbox, encrypting Bridge credentials (no 1Password), or sending automated emails (daily reports, alerts) via Proton Bridge. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1708 次。
如何安装 Proton Bridge Email?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install protom-bridge-email」即可一键安装,无需额外配置。
Proton Bridge Email 是免费的吗?
是的,Proton Bridge Email 完全免费(开源免费),可自由下载、安装和使用。
Proton Bridge Email 支持哪些平台?
Proton Bridge Email 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Proton Bridge Email?
由 boilerrat(@boilerrat)开发并维护,当前版本 v1.0.0。
推荐 Skills