Total downloads: 838
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install snailmail
Description
A slow-channel inbox for leaving your operator important messages. Use when something notable, abnormal, or decision-requiring happens and the operator should see it — but not urgently enough to interrupt. Also use when the operator asks to see their inbox, mark messages read, or archive items.
Security usage advice
This skill appears to be a simple local inbox: it stores messages in a JSON file and has no networking or secret access. Before installing, note these inconsistencies: (1) The CLI uses Node.js but the skill metadata does not declare any required binary — ensure your agent environment provides node and the expected Node version. (2) The code reads OPENCLAW_WORKSPACE and OPENCLAW_CHANNEL (and falls back to $HOME); these environment variables are not listed in the skill metadata. Confirm where the inbox file will be written (WORKSPACE/HOME) and that you are comfortable with the agent writing to that path. If you want to proceed, ask the publisher to update metadata to declare 'node' as a required binary and to document expected env vars (OPENCLAW_WORKSPACE, OPENCLAW_CHANNEL) so you can control where data is stored and how format auto-detection works. If you need higher assurance, review the included scripts/inbox.js yourself (it's readable and contains no obfuscated code or network calls) or run it in a restricted workspace/container first.
Functional analysis
Type: OpenClaw Skill
Name: snailmail
Version: 1.0.0
The `scripts/inbox.js` file contains a vulnerability where user-provided message content is not sanitized when rendered in Markdown format by the `renderMD` function. This could lead to Markdown injection (e.g., XSS in a vulnerable chat client or potential prompt injection if the agent re-interprets the Markdown output) if an attacker can control the input to the `add` command. While the `SKILL.md` instructions are generally benign and even advise the agent not to add commentary to the output, the lack of sanitization for Markdown output is a significant flaw, though not indicative of intentional malicious behavior like data exfiltration or persistence.
Capability assessment
Purpose & Capability
The skill is an on-disk inbox and the code implements that exactly (local JSON storage, add/list/archive/render). However the registry lists no required binaries while the CLI and scripts clearly assume a Node.js runtime (commands call 'node .../scripts/inbox.js'). The absence of a declared runtime is an incoherence: a consumer or agent orchestrator needs to know Node is required.
Instruction Scope
SKILL.md instructs the agent to create/read/write {workspace}/inbox/messages.json and to run the included Node script for add/list/render/heartbeat. The runtime code also reads process.env.OPENCLAW_WORKSPACE and process.env.OPENCLAW_CHANNEL for behavior. Those environment variables are referenced in instructions/code but are not declared in the skill metadata. Apart from that, the instructions stay within the expected scope (no network calls, no reading of unrelated files).
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain risk. The skill includes a single JS script that is run by the agent; nothing is downloaded or extracted at install time. This is coherent and low-risk from an install mechanism perspective.
Credentials
The skill requests no secrets and does not attempt to access external endpoints — that's good. However, it relies on environment variables (OPENCLAW_WORKSPACE and OPENCLAW_CHANNEL) and falls back to HOME if not set; these env vars are not declared in requires.env or listed as primaryEnv. The metadata should list the runtime requirement (Node) and any env vars the skill expects so users know what will be read and where data will be written.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It writes only to an inbox directory under the workspace/HOME and uses atomic file writes. Autonomous invocation (disable-model-invocation=false) is normal and not by itself a concern here.
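How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install snailmail
- Once installation completes, call the Skill by name or use /snailmail to trigger it
- Provide the required input according to the Skill's parameter description to get structured output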
Version history
v1.0.0
- Initial release of snail-mail: a "slow channel" inbox for non-urgent, notable, or decision-requiring operator messages.
- Automatically creates and manages an inbox file for message storage.
- Includes CLI for adding messages with priority, listing, marking read, archiving, and rendering in multiple formats.
- Provides clear guidance on what types of events should be reported, how to prioritize, and how to write actionable entries.
- Inbox integrates with heartbeat checks to surface only urgent messages proactively.
FAQ
What is Snail Mail?
A slow-channel inbox for leaving your operator important messages. Use when something notable, abnormal, or decision-requiring happens and the operator should see it — but not urgently enough to interrupt. Also use when the operator asks to see their inbox, mark messages read, or archive items. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 838 cumulative downloads to date.
How do I install Snail Mail?
Run the command "/install snailmail" in the OpenClaw or Claude Code chat box to install it in one step; no extra configuration is required.
Is Snail Mail free?
Yes, Snail Mail is completely free (free and open source) and can be freely downloaded, installed, and used.
Which platforms does Snail Mail support?
Snail Mail is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Snail Mail?
Developed and maintained by Memeothy (@dvdegenz); the current version is v1.0.0.