← 返回 Skills 市场
618
总下载
1
收藏
3
当前安装
1
版本数
在 OpenClaw 中安装
/install qq-mail-monitor
功能描述
QQ 邮箱自动监控技能,支持定时检查新邮件、TTS 语音播报提醒、邮件收发功能。适用于邮件通知、验证码提取、自动回复等场景。
安全使用建议
This skill largely does what it says (checks QQ IMAP, sends via SMTP), but take these precautions before installing or running it: 1) Do NOT hard-code your QQ auth code into the scripts. Replace the EMAIL/AUTH_CODE variables with secure environment variables (os.getenv) or a protected secrets store. 2) Change the STATE_FILE path to a location inside the skill's data directory (or configurable via env var) so it won't write to someone else's absolute path (/Users/qin/...). 3) Remember outputs (stdout/cron logs) include email subject/from — treat logs as sensitive and avoid exposing them to untrusted services. 4) Verify cron/task integration and that the runtime environment can reach imap.qq.com/smtp.qq.com. 5) If you need assistant-level pause/resume functionality, inspect or implement the control hooks — they are not present by default. If these inconsistencies worry you or you cannot modify the code, prefer a skill that declares required credentials and reads them from env vars rather than editing files.
功能分析
Type: OpenClaw Skill
Name: qq-mail-monitor
Version: 1.0.0
The skill is classified as suspicious due to a hardcoded file path for state management (`/Users/qin/.openclaw/workspace/.mail_state.json` in `scripts/qq_mail_auto_check.py` and `scripts/qq_mail_monitor.py`), which is a minor vulnerability that could lead to errors or unintended file access in different environments. Additionally, while the skill's core functionality (email monitoring and sending) is legitimate, it requires sensitive email authorization codes, and the `README.md` instructs users to directly edit the script for configuration, which is a less secure practice than using environment variables (though `PUBLISH.md` advises the latter). The `SKILL.md` and `README.md` also contain instructions for the AI agent to manage cron jobs and interact with email content, representing an inherent prompt injection surface, though the provided instructions themselves are benign and functional.
能力评估
Purpose & Capability
Name/description match the included scripts (IMAP check, SMTP send, TTS/notification). However the package declares no required environment variables or credentials even though the scripts require an email address and a 16-char authorization code. PUBLISH.md recommends using environment variables, but the actual scripts expect the developer/user to edit Python variables in-place. That mismatch is disproportionate and confusing.
Instruction Scope
SKILL.md tells the user to edit the scripts to set EMAIL and AUTH_CODE and to run/cron the scripts — which is consistent with an install-less script package — but it also promises assistant-level commands like '暂停邮件监控'/'恢复邮件监控' without any implementation hooks. The scripts print full email subject/from and return JSON; printing email contents to stdout may expose sensitive content to logs or the hosting platform. Instructions rely on manual edits rather than secure secret handling.
Install Mechanism
No install spec and requirements.txt lists only standard-library modules. No remote downloads or package installs are requested, so there is low install-time risk. This is an instruction+script package — risk comes from runtime credential handling, not installation.
Credentials
The skill requires sensitive credentials (QQ email and an IMAP/SMTP auth code) to function, but requires.env and primary credential fields are empty. The code uses plain variables EMAIL/AUTH_CODE (placeholders) inside all scripts rather than reading declared env vars, encouraging users to hard-code secrets. That is disproportionate and increases the chance of accidental credential exposure.
Persistence & Privilege
The scripts write state to an absolute path: /Users/qin/.openclaw/workspace/.mail_state.json (in qq_mail_auto_check.py and qq_mail_monitor.py). That path is user-specific, non-portable, and indicates the script will create/modify files outside the skill directory; this unexpected filesystem footprint is a legitimate concern. The skill is not always-enabled and does not modify other skills, but the state file behavior should be corrected.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install qq-mail-monitor - 安装完成后,直接呼叫该 Skill 的名称或使用
/qq-mail-monitor触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
初始发布:QQ 邮箱自动监控,定时检查新邮件,TTS 语音播报提醒
元数据
常见问题
Qq Mail Monitor 是什么?
QQ 邮箱自动监控技能,支持定时检查新邮件、TTS 语音播报提醒、邮件收发功能。适用于邮件通知、验证码提取、自动回复等场景。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 618 次。
如何安装 Qq Mail Monitor?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install qq-mail-monitor」即可一键安装,无需额外配置。
Qq Mail Monitor 是免费的吗?
是的,Qq Mail Monitor 完全免费(开源免费),可自由下载、安装和使用。
Qq Mail Monitor 支持哪些平台?
Qq Mail Monitor 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Qq Mail Monitor?
由 ksswei(@ksswei)开发并维护,当前版本 v1.0.0。
推荐 Skills