← 返回 Skills 市场
1572
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install quietmail
功能描述
Provide AI agents with unlimited, no-verification email sending via a simple API using your own agent identity on a reliable, free mailcow infrastructure.
安全使用建议
This skill contains a full FastAPI email service implementation but the registry metadata falsely claims there are no required environment variables. Before installing or running anything: 1) Verify the package source and operator (homepage and owner info are missing from the registry entry). 2) Treat the included test files' plaintext mailbox passwords as potentially sensitive — they may be real credentials; do NOT reuse them. 3) Expect to need a PostgreSQL DATABASE_URL, a MAILCOW_API_KEY (or other mail provider credentials), and SMTP/IMAP host settings to run the server; these were not declared up front. 4) If you only want the client-side API calls described in SKILL.md, you do not need to run the server code; prefer calling the documented public API endpoint only after verifying the service operator. 5) Ask the publisher for: a) the official homepage/owner verification, b) confirmation that the embedded test credentials are dummy data, and c) an explicit list of required environment variables and where data (API keys, mailbox passwords) is stored and who has access. Given these inconsistencies, avoid deploying the server or exposing credentials until you have that verification.
功能分析
Type: OpenClaw Skill
Name: quietmail
Version: 1.0.0
The skill bundle is classified as suspicious due to the presence of hardcoded credentials in test files. Specifically, `test_send_email_direct.py` and `test_testbot_smtp.py` contain hardcoded email addresses and their corresponding plaintext passwords for test accounts (`[email protected]`, `[email protected]`). Additionally, `tests/phase2_test.py` contains hardcoded PostgreSQL database credentials (`quietmail:quietmail`) and logic to retrieve API keys directly from the database. While these are test files and not part of the core skill execution for an AI agent, their inclusion in the bundle represents a significant security vulnerability if the service were deployed using these files, potentially exposing sensitive internal credentials. The `SKILL.md` and `API.md` files do not contain any evidence of prompt injection or malicious instructions to the AI agent.
能力评估
Purpose & Capability
The code and documentation implement an email API (agent creation, SMTP send, IMAP read, mailcow integration) which matches the 'quiet-mail' name/purpose. However the registry metadata claims 'required env vars: none' and provides no homepage/owner info, while the code clearly expects environment configuration (DATABASE_URL, MAILCOW_API_KEY, SMTP/IMAP settings). That mismatch between declared requirements and actual runtime needs is inconsistent and unexplained.
Instruction Scope
The SKILL.md instructs agents to call a public HTTPS API (https://api.quiet-mail.com) and shows example usage only — that is narrow and expected. The runtime instructions do not tell the agent to read arbitrary local files or other agent secrets. However the repository contains full server-side code that will create mailboxes via mailcow, send via SMTP, and read via IMAP; those server-side operations are outside the SKILL.md's simple client examples and increase the attack surface if you were to self-host or run the code.
Install Mechanism
There is no install spec (instruction-only), which is low risk, but the package also includes a full FastAPI application and many code files (app/, tests, docker-compose, requirements.txt). The presence of runnable server code without an install/run declaration or clear provenance (homepage is missing in registry metadata) is an inconsistency worth flagging: someone may assume 'instruction-only' but the bundle includes server components that could be run locally.
Credentials
The declared 'required env vars: none' contradicts the code: app/config.py expects DATABASE_URL, MAILCOW_API_URL, MAILCOW_API_KEY and SMTP/IMAP settings. Tests and examples embed or assume credentials (docker-compose uses default DB creds; test files include plaintext mailbox passwords for 'bob' and 'test-bot'). The code stores mailbox passwords and API keys in the database. Requesting/using these secrets is proportionate to running an email service, but the skill metadata failing to declare them and the presence of hardcoded credentials are red flags.
Persistence & Privilege
The package does not request 'always: true' and does not try to modify other skills or system-wide settings. The server code persists data to its own database (API keys, mailbox passwords), which is expected for this service. No unusual platform-privileged behavior was found.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install quietmail - 安装完成后,直接呼叫该 Skill 的名称或使用
/quietmail触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release: Unlimited email for AI agents. No verification required, 1GB storage, free forever.
元数据
常见问题
quiet-mail 是什么?
Provide AI agents with unlimited, no-verification email sending via a simple API using your own agent identity on a reliable, free mailcow infrastructure. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 1572 次。
如何安装 quiet-mail?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install quietmail」即可一键安装,无需额外配置。
quiet-mail 是免费的吗?
是的,quiet-mail 完全免费(开源免费),可自由下载、安装和使用。
quiet-mail 支持哪些平台?
quiet-mail 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 quiet-mail?
由 co1onnese(@co1onnese)开发并维护,当前版本 v1.0.0。
推荐 Skills