← 返回 Skills 市场
154
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install qq-email-summary
功能描述
邮件摘要技能 - 自动获取并摘要每日邮件(QQ 邮箱)
安全使用建议
Do not install or run this skill as-is. Before proceeding: 1) Remove the committed config/email-config.json and data/emails.json from the package — they contain a real-looking email address and an IMAP auth code and a large mailbox dump. Treat those as leaked secrets; if they are yours, immediately rotate the authorization code. 2) Replace the config file with a template (config.example.json) and enter your credentials locally only when prompted by setup. 3) Inspect the default WEIXIN_CHANNEL/ACCOUNT/USER_ID values — replace them with your own or unset them so messages are not pushed to a third party. 4) Review use of execSync/openclaw CLI: ensure the openclaw messaging endpoint/account is trusted, and run the scripts in an isolated environment first. 5) If you cannot verify why the repo included real credentials/emails, consider the package untrusted and avoid running it; request a clean release (no credentials/data) from the author or use an alternative implementation.
功能分析
Type: OpenClaw Skill
Name: qq-email-summary
Version: 1.0.0
The skill bundle exhibits high-risk behavior and significant data leakage, likely due to extreme developer negligence or a 'phone home' data collection strategy. Most critically, 'scripts/summarize-emails.js' contains a hardcoded default WeChat USER_ID ('[email protected]') which causes user email summaries to be exfiltrated to the author if environment variables are not configured. Furthermore, the bundle improperly includes a live 'config/email-config.json' file containing a plaintext QQ email address and IMAP authorization code, alongside 'data/emails.json' which contains over 1,600 private email headers. While the inclusion of the author's own credentials suggests a lack of hygiene rather than targeted malice, the hardcoded reporting sink remains a significant security risk.
能力评估
Purpose & Capability
The skill's name/description (QQ email summary) align with the scripts (IMAP fetch, classify, summarize, push to Weixin). However the repository contains a committed config/email-config.json with a populated authCode and email address and a large data/emails.json with many real-looking emails. A mailbox-summary skill should ship example/config templates (config.example.json) — not a real credentials-bearing config and a full mailbox dump. Including these sensitive artifacts is disproportionate to the stated purpose and likely a privacy/credential leak.
Instruction Scope
SKILL.md instructs the agent to run setup, fetch, summarize and optionally add a cron — all within expected scope. The summarize script invokes an external CLI (openclaw message send) via execSync to push the summary to Weixin; that is consistent with the documented 'WeChat push' feature but it builds a shell command with generated content (moderate command-construction risk). The instructions warn not to commit config, yet the repo contains committed config and data (contradiction).
Install Mechanism
No install spec; Node scripts and dependencies are included in package.json/package-lock.json. No third-party download URLs or extract/install steps are present. This is low risk from an install mechanism POV.
Credentials
The skill declares no required environment variables but uses optional WEIXIN_* env vars and hard-coded default CHANNEL/ACCOUNT/USER_ID values inside summarize-emails.js. Those defaults appear to target a specific Weixin account/recipient and could cause messages to be sent externally without the user configuring their own account. More importantly, the repository already contains an authCode in config/email-config.json — a clear mismatch: the skill both bundles sensitive credentials and also expects the user to provide them interactively. Bundled credentials/data are unjustified.
Persistence & Privilege
always is false and scripts only create/modify files under the skill's own config/data/reports directories. The setup script writes its own config file and (temporarily) a test script; it does not modify other skills or system-wide settings. No elevated persistence privileges are requested.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qq-email-summary - 安装完成后,直接呼叫该 Skill 的名称或使用
/qq-email-summary触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release – 自动获取与摘要 QQ 邮箱邮件。
- 支持 QQ 邮箱 IMAP 自动获取邮件
- 智能分类:重要、普通、推广、垃圾
- 每日邮件摘要生成并支持微信推送
- 配置向导及自动定时任务
- 命令行工具:邮箱配置、邮件获取、摘要生成、连接测试
元数据
常见问题
Email Summary 是什么?
邮件摘要技能 - 自动获取并摘要每日邮件(QQ 邮箱). 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 154 次。
如何安装 Email Summary?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qq-email-summary」即可一键安装,无需额外配置。
Email Summary 是免费的吗?
是的,Email Summary 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Email Summary 支持哪些平台?
Email Summary 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Email Summary?
由 linzmin(@linzmin)开发并维护,当前版本 v1.0.0。
推荐 Skills