← 返回 Skills 市场
flyingtimes

Send Email Tool

作者 flyingtimes · GitHub ↗ · v2.5.0
cross-platform ⚠ suspicious
591
总下载
0
收藏
5
当前安装
12
版本数
在 OpenClaw 中安装
/install send-email-tool
功能描述
邮件发送工具。配置 SMTP 发件人后,通过脚本发送纯文本或 HTML 邮件,支持附件、抄送、密送。在需要发送邮件通知、报告、自动化邮件时触发。
安全使用建议
This skill appears to do what it says (send SMTP email with templates, attachments, inline images). Before installing/using it, consider the following: 1) Prefer installing and using a real system keyring (pip install keyring) so credentials are not stored in the fallback base64 files; if keyring fallback files (~/.send_email_password, ~/.send_email_username) appear delete them and re-save credentials to keyring. 2) Treat the config file (~/.send_email_config.json) and any backup credential files as sensitive — ensure file permissions (0o600) and avoid using on multi-user/shared machines. 3) Test with a non-critical email account and use app-specific passwords (e.g., Gmail App Password) rather than your main account password. 4) Be aware the script will read any local paths you provide (attachments, inline images, template files); do not pass sensitive system files as attachments. 5) If you allow the agent to invoke the skill autonomously, remember that an attacker or misconfigured agent could craft messages that exfiltrate local files — restrict autonomous use or review invocation policies if necessary. 6) If you want stronger protection, review the send_email.py source before use and consider replacing the base64 fallback with proper encryption or forcing keyring-only storage.
功能分析
Type: OpenClaw Skill Name: send-email-tool Version: 2.5.0 The skill's core functionality of sending emails is benign. However, it is classified as suspicious due to a critical vulnerability in its credential management fallback. If the `keyring` library is not available, the skill stores the sender's email and password in local files (`~/.send_email_username`, `~/.send_email_password`) using base64 encoding. Base64 is an encoding, not encryption, making these credentials easily reversible and recoverable by anyone with local file access, despite the files being set to 0o600 permissions. This insecure storage mechanism, explicitly noted in `SKILL.md` and implemented in `scripts/send_email.py`, presents a significant security flaw that could be exploited if the system is compromised, even though there is no evidence of intentional malicious exfiltration by the skill itself.
能力评估
Purpose & Capability
Name/description (send email via SMTP, HTML, attachments, inline images, templates) match the included script and instructions. No unrelated credentials or services are requested and required functionality (keyring, markdown conversion, template rendering, file attachments) is coherent with the stated purpose.
Instruction Scope
Runtime instructions tell the agent/user to run the included send_email.py script, configure SMTP, and manage credentials via keyring. The script and docs explicitly read local files for templates, attachments, and inline images and persist configuration to ~/.send_email_config.json — this is expected for an email tool but means the skill will access local file paths you supply. The fallback behavior (when keyring is not installed) stores credentials in base64-encoded files in the home directory; that's functionally coherent but weak from a security perspective and should be considered by the user.
Install Mechanism
There is no automated install spec; this is instruction + script. Dependencies are limited to optional Python packages (keyring, markdown) suggested via pip — no remote downloads or obscure installers are used in the package metadata.
Credentials
The skill requests no environment variables or external API keys, which is proportionate. It does persist configuration and (optionally) credentials locally: preferred storage is the system keyring, but the fallback writes base64-encoded username/password files (~/.send_email_username, ~/.send_email_password) and a JSON config (~/.send_email_config.json). Those files are reversible and should be treated as sensitive; their presence is justified by the feature but carries additional risk.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It will create/update files under the user's home directory (config and backup credential files) which is normal for local CLI tools. Note: the skill can be invoked autonomously (disable-model-invocation is false by default) — combined with the ability to attach/inline arbitrary local files, that increases the impact if an agent were compromised, but this is not itself incoherent with the skill's purpose.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install send-email-tool
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /send-email-tool 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.5.0
优化 Markdown 自动检测和图片内嵌功能,改进文档说明
v2.4.0
v2.4.0 - 重新设计 default 模板,适配实际 Markdown 输出结构。正文使用 24px 粗体,添加浅色渐变底色和装饰边框。采用 YouTube 风格的配色方案,简洁清晰。
v2.3.0
v2.3.0 - 重新设计 default 模板为 YouTube 风格。使用 YouTube 的设计语言,白色背景,灰色内容区,清晰的卡片分割。正文字体 15px,易于阅读。蓝色主题色(#065fd4),简洁现代的视觉效果。
v2.2.0
v2.2.0 - 重新设计 default 模板。添加紫色渐变背景,增强视觉冲击力。每个帖子独立卡片设计,带有明显分隔线。增大正文字体和行高,提升阅读体验。添加悬停效果和阴影,增加交互感。增强标题、列表、代码块、引用等元素的样式。
v2.1.0
v2.1.0 - 新增模板功能。添加 --template 参数,支持使用指定模板渲染邮件。提供仿照 x.com 样式的默认模板(default.html),包含现代简约的商务风格,支持卡片式布局、圆角边框、响应式设计。模板功能与 Markdown 自动检测完全兼容。
v1.5.0
v1.5.0 - 稳定版本发布。支持 SMTP 邮件发送,支持纯文本和 HTML 格式,支持内嵌图片(自动检测 Markdown),支持附件、抄送、密送。配置持久化,支持 keyring 密钥管理。
v2.0.0
重大更新:Markdown 自动检测 + 图片自动嵌入 新功能: - 自动检测 Markdown 格式(标题、粗体、列表、代码块等) - 自动提取 Markdown 中的图片 - 自动转换为 HTML 并内嵌图片到邮件正文 - 支持手动指定内嵌图片(--inline-images 参数) - 图片使用 CID 技术,兼容所有主流邮件客户端 改进: - 添加 MarkdownProcessor 类处理 Markdown 转换 - 支持无 markdown 库时的简单转换(仅处理图片) - 更新 SKILL.md 文档和示例 - 新增 examples/ 目录,包含测试文件 技术细节: - 使用 multipart/related MIME 类型 - 自动替换图片路径为 CID 引用(src="cid:filename") - 跳过 http:// 和 https:// 开头的图片链接 - 支持 PNG、JPG、JPEG、GIF、WebP 格式
v1.4.0
修改默认 SMTP 端口为 465(SSL),使用 SSL 连接而非 TLS
v1.3.0
发件人邮箱也通过 keyring 存储,默认使用 [email protected] 邮箱
v1.2.0
移除 --password 参数,强制使用 keyring 管理密码,避免密钥暴露在上下文中
v1.1.0
添加 keyring 密钥管理:支持安全存储密码、自动读取、命令行管理
v1.0.0
邮件发送工具:支持 SMTP、HTML、附件、抄送和密送
元数据
Slug send-email-tool
版本 2.5.0
许可证
累计安装 5
当前安装数 5
历史版本数 12
常见问题

Send Email Tool 是什么?

邮件发送工具。配置 SMTP 发件人后,通过脚本发送纯文本或 HTML 邮件,支持附件、抄送、密送。在需要发送邮件通知、报告、自动化邮件时触发。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 591 次。

如何安装 Send Email Tool?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install send-email-tool」即可一键安装,无需额外配置。

Send Email Tool 是免费的吗?

是的,Send Email Tool 完全免费(开源免费),可自由下载、安装和使用。

Send Email Tool 支持哪些平台?

Send Email Tool 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Send Email Tool?

由 flyingtimes(@flyingtimes)开发并维护,当前版本 v2.5.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论