← 返回 Skills 市场
WeCom邮箱
作者
chongjie-ran
· GitHub ↗
· v1.0.0
· MIT-0
238
总下载
0
收藏
1
当前安装
1
版本数
在 OpenClaw 中安装
/install wecom-email
功能描述
企业微信邮箱操作 - 使用专用邮箱发送邮件。 支持读取会议纪要、业务文档等作为邮件内容发送。
安全使用建议
This skill performs the advertised task (send corporate email) but the SKILL.md tells the agent to read and decode local credential files while the metadata lists no required credentials — that's a mismatch you should not ignore. Before installing or enabling: 1) Ask the publisher which exact credential/config path(s) the skill will access and require that to be declared in metadata. 2) Ensure the SMTP account is a dedicated, restricted mailbox (not your primary personal account). 3) Require the skill to prompt for explicit user consent every time before reading any local file or sending an email. 4) Prefer short-lived or minimum-permission credentials (or an API-based integration) instead of storing reusable secrets in plaintext/base64. 5) If the skill is from an unknown source, test in a sandboxed environment and verify the credential files referenced exist and contain only the intended mailbox credentials. If the author cannot clearly justify the credential paths and access controls, treat the skill as unsafe to enable.
功能分析
Type: OpenClaw Skill
Name: wecom-email
Version: 1.0.0
The skill provides explicit instructions for the AI agent to locate and decode sensitive credential files stored in the workspace memory (e.g., `~/.openclaw/workspace/memory/sc-email-credentials.enc`) using `base64 -d`. While the stated purpose is sending enterprise emails via legitimate WeCom SMTP servers, the inclusion of specific paths to multiple credential stores and instructions on how to bypass their encoding poses a significant risk of credential exposure or unauthorized access to sensitive files.
能力评估
Purpose & Capability
Name/description say 'send corporate WeCom email' and the instructions show SMTP code to do exactly that, so the capability matches the purpose. However, the skill metadata declares no required credentials or config paths while the runtime instructions explicitly reference credential files (e.g., ~/.openclaw/workspace/memory/sc-email-credentials.enc and email-credentials.enc). The absence of declared credentials/config paths in metadata is an incoherence that prevents a clear security review and least-privilege enforcement.
Instruction Scope
The SKILL.md tells the agent to read local files (meeting notes and specific encrypted credential files) and to decode credentials (base64 -d example). That means the skill will read and transmit local content and secrets to an external SMTP server. It also references a separate 'personal email' credentials file path, which is outside the explicit '専用邮箱' concept and could enable access to unrelated credentials. While reading meeting notes is reasonable for sending them, instructions do not constrain which files are allowed and rely on agent discretion — this grants broad scope to access local files and secrets.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — lowest install risk. There is no download or package installation described.
Credentials
No environment variables or primary credential are declared in the metadata, yet the instructions require an SMTP account and reference multiple credential file paths and decoding steps. Requesting access to credential files (including a personal credentials path) without declaring them is disproportionate and opaque; the skill should explicitly declare which credential/config path it needs and why.
Persistence & Privilege
The skill does not request always: true, does not modify other skills, and is user-invocable only by default. It does instruct reading/writing within the agent workspace (~/.openclaw/workspace) but stays within its own workspace paths rather than system-wide configuration. Still, the ability to read credentials in that workspace is sensitive and should be declared.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wecom-email - 安装完成后,直接呼叫该 Skill 的名称或使用
/wecom-email触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of WeCom Email skill:
- Enables sending work emails via dedicated WeCom (企业微信) email accounts.
- Supports sending meeting minutes and business documents as email content.
- Requires explicit user command to send; enforces strict security and usage rules (work-related only, no sensitive data).
- Provides configuration details for SMTP, credential management, and usage examples (Python, CLI).
- Contains trigger words for activation such as “发送邮件”, “邮件通知”, and “发送会议纪要”.
元数据
常见问题
WeCom邮箱 是什么?
企业微信邮箱操作 - 使用专用邮箱发送邮件。 支持读取会议纪要、业务文档等作为邮件内容发送。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 238 次。
如何安装 WeCom邮箱?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wecom-email」即可一键安装,无需额外配置。
WeCom邮箱 是免费的吗?
是的,WeCom邮箱 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
WeCom邮箱 支持哪些平台?
WeCom邮箱 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 WeCom邮箱?
由 chongjie-ran(@chongjie-ran)开发并维护,当前版本 v1.0.0。
推荐 Skills