imap-smtp-email
中风险 · 65 评分:65/100
作者:gzlicanyi | 审计时间:2026-02-05T09:18:25.242Z | 规则集:0.1.0
技能介绍
Read and send email via IMAP/SMTP. Check for new/unread messages, fetch content, search mailboxes, mark as read/unread, and send emails with attachments. Works with any IMAP/SMTP server including Gma…
✨ Use authorization code (授权码), not account password
✨ Enable IMAP/SMTP in web settings first
✨
--limit <n>: Max results (default: 10) ✨
--mailbox <name>: Mailbox to check (default: INBOX) ✨
--recent <time>: Only show emails from last X time (e.g., 30m, 2h, 7d) ✨
--mailbox <name>: Mailbox (default: INBOX) ✨
--dir <path>: Output directory (default: current directory) ✨
--to <email>: Recipient (comma-separated for multiple) 使用场景
1
--file <filename>: Download only the specified attachment (default: download all) 2 For Gmail: use App Password if 2FA is enabled
3 Verify server is running and accessible
4 Verify username (usually full email address)
5 For Gmail: use App Password if 2FA enabled
安全审计
中风险 · 65
摘要
Read and send email via IMAP/SMTP. Check for new/unread messages, fetch content, search mailboxes, mark as read/unread, and send emails with attachments. Works with any IMAP/SMTP server including Gmail, Outlook, 163.com, vip.163.com, 126.com, vip.126.com, 188.com, and vip.188.com.
风险画像
关键风险 0 项
暂无 LLM 风险要点(LLM 未启用或无缓存)。
确定性发现(证据)
| 规则 | 严重性 | 文件 | 片段 |
|---|---|---|---|
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 23 | const DEFAULT_MAILBOX = process.env.IMAP_MAILBOX || 'INBOX'; |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 50 | user: process.env.IMAP_USER, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 51 | password: process.env.IMAP_PASS, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 52 | host: process.env.IMAP_HOST || '127.0.0.1', |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 53 | port: parseInt(process.env.IMAP_PORT) || 1143, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 54 | tls: process.env.IMAP_TLS === 'true', |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 56 | rejectUnauthorized: process.env.IMAP_REJECT_UNAUTHORIZED !== 'false', |
| NET_HTTP_REQUEST | medium | skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 121 | const fetch = imap.fetch(results, fetchOptions); |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 38 | host: process.env.SMTP_HOST, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 39 | port: parseInt(process.env.SMTP_PORT) || 587, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 40 | secure: process.env.SMTP_SECURE === 'true', // true for 465, false for other ports |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 42 | user: process.env.SMTP_USER, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 43 | pass: process.env.SMTP_PASS, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 46 | rejectUnauthorized: process.env.SMTP_REJECT_UNAUTHORIZED !== 'false', |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 70 | from: options.from || process.env.SMTP_FROM || process.env.SMTP_USER, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 125 | from: process.env.SMTP_FROM || process.env.SMTP_USER, |
| SENSITIVE_ENV | medium | skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 126 | to: process.env.SMTP_USER, // Send to self |
| QUALITY_README_PRESENT | low | README 行 无 | README detected |