首页 / 技能 / Xobni Email — AI邮箱通道

📦 Xobni Email — AI邮箱通道

v1.0.1

通过 xobni.ai 为 AI 代理提供真实邮箱地址(@xobni.ai),集成 REST API 与 MCP 服务器,支持收发邮件、搜索收件箱、管理附件及设置邮件 Webhook 通知。

0· 946·0 当前·0 累计
ghoshsanjoy78 头像by @ghoshsanjoy78
API工具智能体云服务自动化网络工具
下载技能包
最后更新
2026/4/22
0
安全扫描
VirusTotal
可疑
查看报告
OpenClaw
可疑
medium confidence
NULL
评估建议
This skill appears to implement an email API and is coherent with that purpose, but metadata failed to declare the primary API credential. Before installing: (1) verify the service domain (https://xobni.ai) and that you trust the operator, (2) expect to provide an agent-scoped API key (check that the registry entry is updated to declare something like XOBNI_KEY or a primaryEnv), (3) only give a scoped key limited to the specific agent and rotate/revoke keys when done, (4) if you configure webhoo...
详细分析 ▾
用途与能力
The name, description, SKILL.md and references/api.md consistently describe an agent-scoped email service (send/receive/search/webhooks). That functionality justifies use of an API key and webhook configuration. However, the registry metadata declares no required environment variables or primary credential even though every example uses an API key (Authorization: Bearer). The omission of a declared primary credential is an inconsistency.
指令范围
SKILL.md instructs the agent to call REST endpoints and MCP server for email operations and shows webhook setup. It does not instruct reading unrelated local files, scanning system state, or exfiltrating arbitrary data. Examples reference an environment variable ($XOBNI_KEY) and suggest creating a scoped API key — again, this is expected for the service but should be declared in metadata.
安装机制
This is an instruction-only skill with no install spec and no code files — low install risk. Nothing is downloaded or written to disk by the skill package itself.
凭证需求
The service legitimately requires an agent-scoped API key; that is proportionate. The concern is metadata claims 'no required env vars' and 'primary credential: none' while examples use $XOBNI_KEY/Authorization headers. This mismatch could be simple metadata omission, but it means the skill packaging does not clearly declare the secret it needs — a transparency and governance issue. Also note webhooks will deliver snippets and webhook secrets are returned once; users must protect webhook endpoints.
持久化与权限
The skill is not always-enabled and does not request system config paths or modify other skills. It appears not to require elevated persistence or cross-skill privileges.
安全有层次,运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/2/12

NULL

可疑

安装命令

点击复制
官方npx clawhub@latest install xobni
镜像加速npx clawhub@latest install xobni --registry https://cn.longxiaskill.com
数据来源ClawHub ↗ · 中文优化:龙虾技能库