← 返回 Skills 市场
210
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install tutacom
功能描述
Send, read, and manage emails via Tuta (formerly Tutanota) encrypted email service. Use when user asks to send emails, check inbox, read mail, or do any emai...
安全使用建议
This skill mostly does what it says (a Tuta client), but there are multiple red flags you should resolve before installing: 1) The registry metadata does not declare the TUTA_EMAIL/TUTA_PASSWORD env vars or the config path even though SKILL.md instructs you to store credentials in openclaw.json — ask the publisher to correct the metadata. 2) The script and instructions persist decrypted keys and the passphrase_key in a session JSON file; avoid storing plaintext credentials or decrypted keys where other processes or users can read them. 3) The SKILL.md suggests pip-installing crypto libraries; review those installs and prefer using a virtualenv or sandboxed environment. 4) The included Python file (as provided) contains a likely syntax/truncation error during session loading — ask for a clean, reviewed release and verify the code before running. 5) Because this uses an undocumented API, the client may break or behave unexpectedly; prefer official/ documented integrations when possible. If you still want to use it, test in an isolated environment, don't reuse your primary password (consider app-specific password if supported), and request that the author: (a) declare required env/config in the registry metadata, (b) remove writing raw decrypted keys to disk or protect them with OS-level permissions/encryption, and (c) provide a signed, reviewed release.
功能分析
Type: OpenClaw Skill
Name: tutacom
Version: 1.0.0
The skill bundle provides a functional, well-implemented client for the Tuta (formerly Tutanota) encrypted email service. The Python script `scripts/tuta_client.py` correctly implements Tuta's specific end-to-end encryption protocol, including key derivation (bcrypt/argon2) and AES/HMAC operations, and interacts only with the legitimate Tuta API endpoint (app.tuta.com). While it handles sensitive credentials and session keys, it follows security best practices such as setting restrictive file permissions (0600) on session files and lacks any indicators of data exfiltration, obfuscation, or malicious intent.
能力评估
Purpose & Capability
The script implements login, inbox, read, and send functionality against https://app.tuta.com/rest, which matches the skill description. However the registry metadata claims no required environment variables or config paths, while SKILL.md instructs the user to store TUTA_EMAIL and TUTA_PASSWORD in openclaw.json under skills.entries.tuta-mail.env. That metadata/requirements mismatch is a clear incoherence.
Instruction Scope
Runtime instructions tell the agent to save a session file containing access token and decrypted keys to /tmp/tuta_session.json and to store credentials in openclaw.json (agent config). Saving decrypted keys to disk and instructing to place plaintext credentials into the agent config increases exposure and is not declared in the skill metadata. The instructions also require installing Python crypto packages and use an undocumented REST API — understandable for this functionality but worth noting.
Install Mechanism
This is an instruction-only skill with an included Python script. There is no formal install spec; the SKILL.md recommends pip installing dependencies. That is a moderate-risk, common pattern for script-based skills but means code will be executed locally and dependencies installed at runtime.
Credentials
The client legitimately needs the user's Tuta email and password, which the SKILL.md requests as TUTA_EMAIL and TUTA_PASSWORD. However the registry metadata lists no required env vars or primary credential and declares no required config paths. The SKU asks to persist decrypted passphrase_key and group keys in the session file (sensitive material). The credential storage and lack of metadata declaration are disproportionate/ inconsistent.
Persistence & Privilege
always:false and model invocation allowed (defaults) — normal. The SKILL.md asks the user to write credentials into openclaw.json (agent config) and to persist a session file under /tmp; writing its own session file is normal for a client, but storing sensitive decrypted keys in a broadly accessible file and modifying agent config without the metadata declaring config usage increases the risk profile.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tutacom - 安装完成后,直接呼叫该 Skill 的名称或使用
/tutacom触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of tuta-mail skill.
- Send, read, and manage emails using the Tuta (formerly Tutanota) encrypted email service.
- Supports login, listing inbox, reading emails, and sending non-confidential emails via Python CLI client.
- Session handling with local caching to minimize repeated logins.
- Credentials are managed via secure environment variables.
- Tuta-to-Tuta email sending and attachments are not yet supported.
元数据
常见问题
Manage your tuta.com account 是什么?
Send, read, and manage emails via Tuta (formerly Tutanota) encrypted email service. Use when user asks to send emails, check inbox, read mail, or do any emai... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 210 次。
如何安装 Manage your tuta.com account?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tutacom」即可一键安装,无需额外配置。
Manage your tuta.com account 是免费的吗?
是的,Manage your tuta.com account 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Manage your tuta.com account 支持哪些平台?
Manage your tuta.com account 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Manage your tuta.com account?
由 Jay(@aididmyhomework)开发并维护,当前版本 v1.0.0。
推荐 Skills