← 返回 Skills 市场
Qq Email
作者
Chao-NJ-CN
· GitHub ↗
· v1.0.0
573
总下载
1
收藏
4
当前安装
1
版本数
在 OpenClaw 中安装
/install qq-email
功能描述
Send and receive emails via QQ Mail SMTP/IMAP. Use when: user wants to send/receive emails, check inbox, read messages, or share documents via email. Require...
安全使用建议
This skill appears to do exactly what it claims: send and receive QQ Mail using a local Python script. Before installing, be aware that you must provide your QQ email address and the 16-character QQ authorization code — either via environment variables or by placing them in ~/.openclaw/workspace/TOOLS.md. Storing auth codes in plaintext files can expose them if that file is backed up or committed; using environment variables is safer. Review the included qq_email.py if you want to confirm no unexpected network endpoints are contacted (it appears to connect only to smtp.qq.com and imap.qq.com). Do not share your auth code or commit TOOLS.md to a public repository.
功能分析
Type: OpenClaw Skill
Name: qq-email
Version: 1.0.0
The `qq_email.py` script contains a critical arbitrary file write vulnerability in its `read_email` function. It saves email attachments using filenames extracted from email headers without sanitizing for directory traversal, which could allow a malicious email sender to write files to arbitrary locations on the system. Additionally, the `SKILL.md` command templates and the `send_email` function's attachment handling present potential shell injection and sensitive file exfiltration risks if the OpenClaw agent does not adequately sanitize user-provided input for file paths and command arguments.
能力评估
Purpose & Capability
Name/description match the implementation: the included Python tool implements SMTP/IMAP access to smtp.qq.com/imap.qq.com and the SKILL.md explains configuring a QQ auth code. Required binary (python3) is appropriate and proportional.
Instruction Scope
Runtime instructions only invoke the local qq_email.py and point to ~/.openclaw/workspace/TOOLS.md for configuration. The script reads TOOLS.md or environment variables, accesses attachments provided by the user, and connects to QQ's mail servers — all consistent with the stated email-sending/receiving purpose.
Install Mechanism
No install spec (instruction-only) and a bundled Python script are present. Nothing is downloaded from external or untrusted URLs; no archives are extracted. Risk from install mechanism is low.
Credentials
The skill does not request unrelated credentials. It needs the QQ email address and 16-char authorization code (either via env vars or TOOLS.md) which are necessary to access QQ SMTP/IMAP. No additional secrets or unrelated environment variables are required.
Persistence & Privilege
Skill is not always-enabled and does not request elevated platform privileges. It reads its own config (TOOLS.md) and user-specified attachment paths but does not modify other skills or system-wide settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qq-email - 安装完成后,直接呼叫该 Skill 的名称或使用
/qq-email触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of the qq-email skill.
- Send and receive emails via QQ Mail using SMTP/IMAP.
- Supports sending standard or HTML emails, attachments, and marking emails as read.
- Includes inbox checking, reading specific emails (with optional attachment saving), and filtering by unread status.
- Requires QQ email authorization code configuration before use.
元数据
常见问题
Qq Email 是什么?
Send and receive emails via QQ Mail SMTP/IMAP. Use when: user wants to send/receive emails, check inbox, read messages, or share documents via email. Require... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 573 次。
如何安装 Qq Email?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qq-email」即可一键安装,无需额外配置。
Qq Email 是免费的吗?
是的,Qq Email 完全免费(开源免费),可自由下载、安装和使用。
Qq Email 支持哪些平台?
Qq Email 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Qq Email?
由 Chao-NJ-CN(@chao-nj-cn)开发并维护,当前版本 v1.0.0。
推荐 Skills