← 返回 Skills 市场
qiusuo9809

Email Monitor

作者 qiusuo9809 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
262
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install qiusuo-email-monitor
功能描述
Set up periodic email monitoring for any IMAP mailbox (Gmail, Outlook, QQ, etc.). Guides users through mailbox configuration, tests the connection, then crea...
安全使用建议
This skill appears to do what it says, but consider these points before installing: - It asks you to provide and stores mailbox credentials (app password or account password) in plaintext at ~/.openclaw/email-monitor/<sanitized-email>/config.json. Prefer app passwords + 2FA (Gmail) and restrict the file: chmod 600 <config>. Delete the config to revoke access. - Fetched email bodies and attachments may be printed to stdout and shown in chat — avoid feeding highly sensitive mail if you don't want it displayed or stored in chat history. - Attachment downloads (if enabled) are written to the user-specified directory; ensure that path is safe and not world-readable if attachments are sensitive. - The skill creates a cron job via `openclaw cron add` to run the included Python script; the job runs as your user and will have access to the config/state files. Verify the cron command and <skill_dir> expansion when confirming. - Because the skill stores credentials locally, remove the config/state files and cron entry to fully revoke the skill's access. - If you need stronger protection, consider creating a dedicated mailbox or app password with limited rights for monitoring rather than using your primary account password. Overall: internally consistent with the stated purpose, but handle stored credentials and output visibility carefully.
功能分析
Type: OpenClaw Skill Name: qiusuo-email-monitor Version: 1.0.0 The skill manages sensitive email credentials (including app passwords) and stores them in plaintext in the user's home directory. Additionally, the attachment downloading logic in `scripts/fetch_emails.py` is vulnerable to path traversal, as it uses unsanitized filenames from email headers in `os.path.join`, potentially allowing an attacker to overwrite arbitrary files on the system. While these are high-risk security flaws, they appear to be unintentional vulnerabilities rather than evidence of malicious intent.
能力评估
Purpose & Capability
Name/description (periodic IMAP email monitoring) align with the included script and instructions. The fetch_emails.py implements IMAP over SSL, UID-based incremental fetching, optional attachment saving, and outputs results to stdout — all expected for this purpose.
Instruction Scope
SKILL.md explicitly instructs the agent to collect the user's email and password (app password or IMAP password), store them in ~/.openclaw/email-monitor/<sanitized-email>/config.json, run the local fetch_emails.py for testing, and create a cron job via `openclaw cron add`. These steps are within the task scope but involve writing plaintext credentials and saved state/attachments to disk and printing email contents to stdout (which will be visible in the chat) — privacy considerations, not covert behavior.
Install Mechanism
There is no install spec and the skill is instruction-only aside from a small Python script. No external downloads or package installs are performed by the skill itself.
Credentials
The skill requires the user to supply mailbox credentials (app password / account password) which are appropriately the sole sensitive inputs. It does not request unrelated environment variables or cloud credentials. However, credentials are stored in plaintext in a config.json under the user's home directory — expected but a security/privacy risk if the host is shared or unprotected.
Persistence & Privilege
always is false and the skill does not request elevated or cross-skill privileges. The cron job will run under the user's account (per SKILL.md) which is expected for scheduled checks; this is normal but means future periodic runs will access the stored config and mailbox.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install qiusuo-email-monitor
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /qiusuo-email-monitor 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
首发:Gmail/IMAP 邮件定时监控,6步引导配置,增量拉取,token 消耗极低。by qiusuo
元数据
Slug qiusuo-email-monitor
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

Email Monitor 是什么?

Set up periodic email monitoring for any IMAP mailbox (Gmail, Outlook, QQ, etc.). Guides users through mailbox configuration, tests the connection, then crea... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 262 次。

如何安装 Email Monitor?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install qiusuo-email-monitor」即可一键安装,无需额外配置。

Email Monitor 是免费的吗?

是的,Email Monitor 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Email Monitor 支持哪些平台?

Email Monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Email Monitor?

由 qiusuo9809(@qiusuo9809)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463942 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259883 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200739 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191401 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190375 · by oswalpalash

💬 留言讨论