← 返回 Skills 市场
122
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install q012315-email-pro-optimized
功能描述
高性能邮件工具 - 支持 QQ、Gmail、Outlook。IMAP读、SMTP写、OAuth 2.0、并发处理。速度比 imap-smtp-email 快 4-5 倍。
安全使用建议
This skill appears to implement a capable multi-provider email client, but it ships with embedded Outlook OAuth credentials and a script that will push the skill directory to a remote Git repo. Those embedded secrets should be treated as sensitive — do NOT run authorize-outlook.sh or any auto-push/maintain scripts without auditing and removing secrets. Recommended steps before installing or running: 1) Inspect and remove any hard-coded client_id/client_secret/tenant values from scripts and README; treat them as compromised if you used them anywhere. 2) Run authorization manually using your own OAuth client credentials (do not reuse the repo's values), and avoid passing secrets on the command line; use interactive input or secure config files with 600 permissions. 3) Do not run scripts/auto-push.py unless you understand and control the remote repo (it will git add/commit/push and could leak data). 4) If you already ran the included credentials, rotate those app secrets in Azure/Google immediately. 5) Prefer running this code in an isolated environment and examine ~/.openclaw/credentials to ensure only expected tokens are stored. If you want, I can point to exact files/lines to remove or show safer ways to perform OAuth authorization and token storage.
功能分析
Type: OpenClaw Skill
Name: q012315-email-pro-optimized
Version: 2.2.1
The bundle contains a hardcoded Azure Client Secret and Tenant ID within 'scripts/authorize-outlook.sh' and the README, which is a significant security vulnerability and poor practice. Additionally, it includes scripts like 'scripts/auto-push.py' and 'scripts/sync-updates.py' that perform automated Git operations (add, commit, push) and filesystem synchronization across directories (~/.openclaw/workspace-telegram-bot1). While these appear to be developer utilities for the 'Email Pro' tool, the combination of hardcoded credentials and automated repository/file manipulation poses a high risk of accidental data exposure or unauthorized system changes.
能力评估
Purpose & Capability
Most files (providers, oauth_handler, email-pro) are coherent with a high-performance multi-provider email tool. However the repo includes an automatic git push script and hard-coded Outlook client ID/secret/tenant in scripts and README — these are not required to provide email access and are unexpected for a user-facing email client package.
Instruction Scope
SKILL.md instructs running authorization scripts (e.g., bash scripts/authorize-outlook.sh) which call authorize.py with a client_secret passed on the command line. That exposes secrets via process arguments and the repo's provided authorize-outlook.sh contains a hard-coded client_secret/tenant/client_id, which the instructions explicitly recommend executing.
Install Mechanism
No install spec; SKILL.md lists python3 and requests which aligns with the Python scripts included. Absence of an install step reduces risk of arbitrary remote code download.
Credentials
The skill declares no required environment variables, yet the code reads GMAIL_CLIENT_ID/GMAIL_CLIENT_SECRET and supports storing credentials in ~/.openclaw/credentials/*. More importantly, the repository contains hard-coded Outlook client_id/client_secret/tenant values in authorize-outlook.sh and README — embedded sensitive credentials are disproportionate and dangerous.
Persistence & Privilege
The skill is not always-enabled and allows user invocation (normal). It does include scripts (auto-push.py, maintain.py) that can modify and push the skill repository to remote origins; these scripts are not automatically executed by the platform but provide capability to push local changes (possible exfiltration vector) if run.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install q012315-email-pro-optimized - 安装完成后,直接呼叫该 Skill 的名称或使用
/q012315-email-pro-optimized触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.2.1
v2.2.1
- 文档更新:仅更新了 README.md/说明文档,无功能代码变动
- 修订和完善说明内容,使文档更加清晰易用
- 保持现有功能和接口不变
v2.2.0
- Major update: Email Pro Optimized now supports QQ, Gmail, and Outlook accounts.
- Adds full OAuth 2.0 support for Gmail and Outlook, including automatic token refresh.
- Introduces high-performance batch fetch, multi-threaded concurrent access, and connection reuse for much faster operations—up to 4–5x speed improvement over previous versions.
- Unified command interface for managing multiple email providers.
- Enhanced stability with improved error handling and robust fault tolerance.
- Updated documentation with quickstart guides, advanced usage, and troubleshooting.
元数据
常见问题
email-pro-optimized 是什么?
高性能邮件工具 - 支持 QQ、Gmail、Outlook。IMAP读、SMTP写、OAuth 2.0、并发处理。速度比 imap-smtp-email 快 4-5 倍。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 122 次。
如何安装 email-pro-optimized?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install q012315-email-pro-optimized」即可一键安装,无需额外配置。
email-pro-optimized 是免费的吗?
是的,email-pro-optimized 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
email-pro-optimized 支持哪些平台?
email-pro-optimized 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 email-pro-optimized?
由 zone(@q012315)开发并维护,当前版本 v2.2.1。
推荐 Skills