Security scan
OpenClaw
Suspicious
medium confidence
Assessment and recommendations
This skill largely does what it says (send/read emails), but there are several things to check before installing or enabling it:
- Missing declared dependency: the scripts call 'openclaw agent' but the skill only declares python3. Ensure the 'openclaw' CLI is present and you understand what it can do — the skill relies on it to invoke LLM-driven actions and to write to agent memory.
- Sensitive credentials: the skill requires a plaintext ~/.config/lel-mail/config.json with account passwords/app...
⚠ Purpose and capabilities
Name/description promise (send/read email) mostly matches the files, but the runtime depends on invoking the 'openclaw' agent binary for LLM-driven decisions and for writing to agent memory/sessions. The declared required binaries list only 'python3' — 'openclaw' is a required runtime dependency but is not declared. That mismatch is unexpected and disproportionate.
⚠ Instruction scope
The scripts do more than just fetch/send mail: check_email.sh asks the LLM to classify emails and then issues further 'openclaw agent' commands that instruct the agent to scan memory banks, write to MEMORY.md, locate user sessions, and proactively reach out or request inputs. This gives the skill broad discretion to read and modify agent memory and contact users, which goes beyond a narrow mail fetch/send scope.
✓ Install mechanism
Instruction-only skill with shipped scripts (no remote installers). Nothing is downloaded from external URLs; code is local. This is a lower install risk, but files will be written to the user's home config paths when used.
ℹ Credential requirements
No declared environment variables, which is reasonable, but the skill requires a local config.json containing email account credentials (user/password or app-specific password). Storing raw passwords in ~/.config/lel-mail/config.json is necessary for SMTP/IMAP but is sensitive and not enforced by the metadata. Also, the script relies on the 'openclaw' CLI (undeclared), which is a credential/privilege vector because the skill asks that CLI to take actions on agent memory and sessions.
ℹ Persistence and privileges
The skill does not set always:true, but SKILL.md instructs the user to add a cron job to run the email_sender_daemon regularly. Combined with the agent-invocation behavior, that cron-driven persistence plus autonomous agent calls can send emails and alter agent memory without interactive approval. The skill does not modify other skills' configs directly, but it requests writing into agent memory files.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v1.1.4 2026/2/20
● Suspicious
Install command
Official: npx clawhub@latest install lel-mail
Mirror: npx clawhub@latest install lel-mail --registry https://cn.longxiaskill.com