首页 / 技能 / Gmail Briefings — 每日邮件简报

📦 Gmail Briefings — 每日邮件简报

v1.0.0

自动列出未读/紧急邮件,提炼优先级,草拟回复并管理收件箱过滤器,帮你每日高效掌控 Gmail。

0· 389·0 当前·0 累计
deliverydriver 头像by @deliverydriver
自动化API工具云服务工作流
下载技能包
最后更新
2026/4/21
0
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
high confidence
NULL
评估建议
This skill's instructions expect the 'gog' (himalaya/gog) CLI and to read a local config (~/.config/gog/config.toml) that may contain tokens for your Gmail account, but the registry metadata does not declare these dependencies or credentials. Before installing or enabling: 1) Verify the skill's source/owner and find an authoritative repository or homepage. 2) Confirm you have and trust the 'gog' CLI; inspect what credentials it stores in ~/.config/gog/config.toml before allowing the skill to rea...
详细分析 ▾
用途与能力
The SKILL.md expects and instructs use of the 'gog' (himalaya/gog) CLI and templates/assets (e.g., assets/ and refs/gmail-filters.md) to read and act on Gmail, but the registry metadata lists no required binaries, no primary credential, and no required config paths. A Gmail triage skill would legitimately need either the gog binary or an explicit OAuth/API credential and a declared config path; those are missing here.
指令范围
Runtime instructions tell the agent to run commands like 'gog g inbox unread' and to 'read references/gog-sop.md for auth/config', and the referenced file points to '~/.config/gog/config.toml'. That implies reading user config files (likely containing tokens/OAuth state) and running a local CLI with mailbox access — actions that access sensitive data yet are not declared. The SKILL.md also references local assets and other reference files that are not present in the package.
安装机制
There is no install spec (instruction-only), which lowers installation risk, but the lack of an install declaration is inconsistent with the explicit runtime dependency on the external 'gog' CLI. The skill should declare required binaries or provide an install step for gog if it truly depends on it.
凭证需求
The skill declares no required environment variables or credentials, yet instructions reference a config path (~/.config/gog/config.toml) and a specific account (iamjh86@gmail.com). Reading that config could expose OAuth tokens or other secrets. The requested access is disproportionate to what's declared in metadata.
持久化与权限
The skill does not request always: true or other elevated persistence. It is user-invocable and allows autonomous invocation (default), which is normal for skills — but combined with the other concerns this increases potential impact.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/15

NULL

无害

安装命令

点击复制
官方npx clawhub@latest install gmail-briefings
镜像加速npx clawhub@latest install gmail-briefings --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库