← 返回 Skills 市场

Resend Skills

Name: Resend Skills
Author: christina-de-martinez

作者 Christina Martinez · GitHub ↗ · v3.3.1 · MIT-0

cross-platform ⚠ suspicious

2348

总下载

当前安装

版本数

在 OpenClaw 中安装

/install resend-skills

功能描述

Use when working with the Resend email API — sending transactional emails (single or batch), receiving inbound emails via webhooks, managing email templates,...

安全使用建议

This package appears to be a documentation-heavy Resend integration and legitimately needs your RESEND_API_KEY (and optionally the webhook signing secret). Before installing: 1) verify the skill's source (the registry metadata lists 'unknown' but the SKILL.md references resend.com and a GitHub repo) — prefer skills published by the official vendor; 2) confirm your platform will provide the Node SDK or add an explicit install step (npm install resend) — right now there's no install spec; 3) treat RESEND_API_KEY and RESEND_WEBHOOK_SECRET as sensitive: do not paste them into code that logs them (some examples print created tokens to console); 4) because the skill can be invoked autonomously and will have access to your API key if you provide it, consider granting a scoped sending-only API key (if Resend supports it) rather than a full-access key; 5) ask the publisher to fix the registry metadata to declare required env vars and provide an install spec or host the skill from the official repo. These fixes would change the assessment to benign if they match the embedded SKILL.md and the publisher identity is verified.

功能分析

Type: OpenClaw Skill Name: resend-skills Version: 3.3.1 The Resend skill bundle is a comprehensive and well-documented integration for the Resend email API. It provides extensive guidance and code examples for Node.js, Python, and other languages covering email delivery, template management, webhooks, and domain verification. The instructions in SKILL.md and the reference files focus on production best practices, such as using idempotency keys to prevent duplicate sends and mandatory webhook signature verification to prevent spoofing. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; in fact, the documentation explicitly warns about security risks when processing untrusted email content and recommends additional security skills.

能力标签

crypto

能力评估

ℹ Purpose & Capability

Name, description, and included docs/code consistently implement Resend API functionality (sending, webhooks, templates, logs, etc.). The SKILL.md declares RESEND_API_KEY (required) and RESEND_WEBHOOK_SECRET (optional) which are appropriate for this purpose. However, the registry-level metadata claims no required env vars / no homepage / unknown source while the embedded SKILL.md and file manifest reference an upstream source and require credentials — this mismatch is an incoherence.

✓ Instruction Scope

SKILL.md instructions and examples stay within Resend API scope (send emails, verify webhooks, manage templates, etc.). The instructions reference only RESEND_API_KEY and RESEND_WEBHOOK_SECRET and standard SDK calls; there are no instructions to read unrelated system files or exfiltrate arbitrary data. Examples do print tokens/secrets to console in docs (e.g., showing created API key or signing_secret), which is a potential accidental-leak risk if users copy example code into production without securing logs.

⚠ Install Mechanism

There is no install spec even though code examples (and fetch-all-templates.mjs) require the 'resend' npm package (comment: 'Requires: npm install resend'). The skill will likely need the Resend SDK at runtime but does not declare installation steps; absence of an install spec means the agent/platform needs to provide the SDK or the examples will fail. This mismatch is a packaging/operational risk (not inherently malicious) and should be clarified.

⚠ Credentials

The SKILL.md rightly requires RESEND_API_KEY (and optionally RESEND_WEBHOOK_SECRET) which are proportional to the stated capabilities. The problem: the registry metadata listed no required env vars/primary credential — a discrepancy that could lead users to install the skill without realizing it needs sensitive credentials. Also some example snippets show printing tokens/signing secrets to stdout; copying those examples verbatim could leak secrets to logs.

✓ Persistence & Privilege

The skill is not marked always:true and does not request system config paths or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk privileges here.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install resend-skills
安装完成后，直接呼叫该 Skill 的名称或使用 /resend-skills 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v3.3.1

Add support for automations and events Add support for logs Move evals out of the skills folder

v2.7.0

- Introduced new `templates` sub-skill for managing email templates via API. - Expanded SKILL.md documentation to include usage and routing details for template management. - Added files for template management workflows and testing: templates/SKILL.md, templates/fetch-all-templates.mjs, templates/reference.md, tests/templates.test.md. - Recommend Tailscale Funnels for webhook tunneling.

v2.5.0

- Bumped skill version from 2.4.0 to 2.5.0 in metadata. - In the last update (which we didn't publish here), we also updated the language in the tests to not sound like it's a prompt injection. That language was causing this package to be marked as suspicious. We're hoping this clears it up!

v2.4.0

Resend skill v2.4.0 includes sub-skill improvements, security clarifications, and new test coverage. - Added new sub-skill: `agent-email-inbox`, replacing `moltbot` for AI/automated inbox workflows with enhanced security notes. - Updated skill metadata: explicit API inputs (`RESEND_API_KEY`, `RESEND_WEBHOOK_SECRET`), homepage and source links. - Clarified use cases and security for systems processing untrusted emails. - Added guidance for marketing/broadcast emails. - New test files added: coverage for sending, receiving, routing, and agent inbox workflows.

v2.2.0

- Improved guidance on using webhooks to notify our clawed friends on email receipt.

v2.0.1

- Improved webhook setup instructions - Bumped skill version from 2.0.0 to 2.1.0 in metadata.

v2.0.0

Big update: Added support for AI agent email inboxes via a new sub-skill. - Introduced the `agent-email-inbox` sub-skill for setting up email inboxes for AI agents. - Expanded sub-skills table and quick routing section to include AI agent inbox setup and security features. - Provided instructions for webhook setup (including local development via tunneling) and security measures to prevent prompt injection. - Version updated from 1.1.0 to 2.0.0.

v1.1.0

- Initial release of resend-skills v1.0.0. - Offers routing to sub-skills for sending (send-email) and receiving (resend-inbound) emails using the Resend platform. - Provides setup guidance for API keys and SDK installation. - Includes documentation links and quick-use scenarios for each email function.

元数据

Slug resend-skills

版本 3.3.1

许可证 MIT-0

累计安装 5

当前安装数 5

历史版本数 8

常见问题

Resend Skills 是什么？

Use when working with the Resend email API — sending transactional emails (single or batch), receiving inbound emails via webhooks, managing email templates,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2348 次。

如何安装 Resend Skills？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install resend-skills」即可一键安装，无需额外配置。

Resend Skills 是免费的吗？

是的，Resend Skills 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Resend Skills 支持哪些平台？

Resend Skills 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Resend Skills？

由 Christina Martinez（@christina-de-martinez）开发并维护，当前版本 v3.3.1。