← 返回 Skills 市场
adainthelab

Skulk Email

作者 Ada Vale · GitHub ↗ · v1.0.2 · MIT-0
cross-platform ⚠ suspicious
406
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install skulk-email
功能描述
Email via DreamHost — read inbox, send email, search messages. Send works from any VPS (including DigitalOcean) by routing through DreamHost's Roundcube webm...
安全使用建议
This skill is consistent with its description, but keep these practical safety points in mind: - The script requires storing your mailbox password in plaintext in ~/.config/skulk-email/credentials.json. Ensure the directory (700) and file (600) permissions are applied and only use on machines you trust. Consider using an account with limited privileges or an app-specific password where supported. - The send flow automates a webmail login and scrapes tokens; it stores cookies in /tmp and attempts to clean them up on exit, but if the process is killed (SIGKILL) cookies may remain temporarily. Don’t run on multi-user systems where /tmp is shared without appropriate protections. - Webmail automation can be brittle (changes to the Roundcube UI could break it) and may run afoul of provider rate limits or terms of service if abused; avoid bulk sending and respect DreamHost/Gmail policies. - If you need stronger security, consider using an OAuth/app-password approach for Gmail and avoid storing long-lived plaintext passwords. - If you want additional assurance, review the script yourself or run it in a sandbox/VPS you control before linking any production mailbox.
功能分析
Type: OpenClaw Skill Name: skulk-email Version: 1.0.2 The skill provides legitimate email functionality via IMAP and DreamHost Roundcube webmail automation to bypass SMTP blocks. However, it contains a security vulnerability in `scripts/skulk-email.sh` where sensitive email credentials (passwords) are passed as plaintext command-line arguments to a Python subprocess, making them visible to other users on the system via the process list. It also stores session cookies in the shared `/tmp` directory. While these appear to be unintentional design flaws rather than malicious intent, they represent a risk to credential confidentiality.
能力评估
Purpose & Capability
Name/description (DreamHost Roundcube send + IMAP read) align with the script's actions: it reads a local credentials JSON, uses imaplib for IMAP access (imap.dreamhost.com / optionally imap.gmail.com) and uses curl to log in and send via webmail.dreamhost.com. Required binaries (python3, curl, jq) are reasonable and documented.
Instruction Scope
SKILL.md instructs the user to store credentials in ~/.config/skulk-email/credentials.json and run the provided script. The script only reads that file, contacts the documented DreamHost/Gmail endpoints, and writes temporary cookies to /tmp; it does not attempt to read other system files or exfiltrate data to unexpected endpoints.
Install Mechanism
There is no install spec (instruction-only plus an included script), so nothing is downloaded or installed by the skill itself. This minimizes install-time risk. The runtime dependencies are standard, documented binaries.
Credentials
No environment variables, no external API keys, and no unrelated credentials are requested. The only secret required is the mailbox password (DreamHost, and optionally a Gmail app password), stored in the explicitly-documented local JSON file. That storage method and permissions are described in SKILL.md.
Persistence & Privilege
The skill is not always-enabled and does not request persistent system-wide changes or modify other skills. It runs on-demand and performs its actions only when invoked.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install skulk-email
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /skulk-email 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.2
Frontmatter description now explicitly lists host dependencies (python3, curl, jq) and credential file path (~/.config/skulk-email/credentials.json) with manual setup requirement.
v1.0.1
Added explicit requirements (python3, curl, jq) and security section documenting credential handling, TLS-only transmission, and cleanup behavior.
v1.0.0
Initial release. Read and send email via DreamHost — bypasses SMTP port blocks (DigitalOcean, etc.) by routing sends through Roundcube webmail over HTTPS. IMAP reading for DreamHost and Gmail. No third-party services needed.
元数据
Slug skulk-email
版本 1.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 3
常见问题

Skulk Email 是什么?

Email via DreamHost — read inbox, send email, search messages. Send works from any VPS (including DigitalOcean) by routing through DreamHost's Roundcube webm... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 406 次。

如何安装 Skulk Email?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install skulk-email」即可一键安装,无需额外配置。

Skulk Email 是免费的吗?

是的,Skulk Email 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Skulk Email 支持哪些平台?

Skulk Email 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Skulk Email?

由 Ada Vale(@adainthelab)开发并维护,当前版本 v1.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论