EN

imap-smtp-email

中风险
作者:gzlicanyi | 审计时间:2026-02-26T09:59:20.936Z | 规则集:0.2.0

快速安装

将技能安装到你的 Agent

clawhub install imap-smtp-email
GitHub ClawHub

技能介绍

Read and send email via IMAP/SMTP. Check for new/unread messages, fetch content, search mailboxes, mark as read/unread, and send emails with attachments. Works with any IMAP/SMTP server including Gma…

Use authorization code (授权码), not account password
Enable IMAP/SMTP in web settings first
--limit <n>: Max results (default: 10)
--mailbox <name>: Mailbox to check (default: INBOX)
--recent <time>: Only show emails from last X time (e.g., 30m, 2h, 7d)
--mailbox <name>: Mailbox (default: INBOX)
--dir <path>: Output directory (default: current directory)
--to <email>: Recipient (comma-separated for multiple)

使用场景

1 --file <filename>: Download only the specified attachment (default: download all)
2 For Gmail: use App Password if 2FA is enabled
3 Verify server is running and accessible
4 Verify username (usually full email address)
5 For Gmail: use App Password if 2FA enabled

文档(原文)

来源:README.md
以下为作者原文(通常为英文)。安装请以页面顶部“快速安装”为准。

IMAP/SMTP Email Skill

Read and send email via IMAP/SMTP protocol. Works with any IMAP/SMTP server including Gmail, Outlook, 163.com, vip.163.com, 126.com, vip.126.com, 188.com, and vip.188.com.

Quick Setup

  1. Create .env file with your credentials:
# IMAP Configuration (receiving email)
IMAP_HOST=imap.gmail.com
IMAP_PORT=993
IMAP_USER=your@gmail.com
IMAP_PASS=your_app_password
IMAP_TLS=true
IMAP_MAILBOX=INBOX

# SMTP Configuration (sending email)
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false
SMTP_USER=your@gmail.com
SMTP_PASS=your_app_password
SMTP_FROM=your@gmail.com
  1. Install dependencies:
npm install
  1. Test the connection:
node scripts/imap.js check
node scripts/smtp.js test

IMAP Commands (Receiving Email)

Check for new emails

node scripts/imap.js check --limit 10
node scripts/imap.js check --recent 2h        # Last 2 hours
node scripts/imap.js check --recent 30m       # Last 30 minutes

Fetch specific email

node scripts/imap.js fetch <uid>

Search emails

node scripts/imap.js search --unseen
node scripts/imap.js search --from "sender@example.com"
node scripts/imap.js search --subject "important"
node scripts/imap.js search --recent 24h

Mark as read/unread

node scripts/imap.js mark-read <uid>
node scripts/imap.js mark-unread <uid>

List mailboxes

node scripts/imap.js list-mailboxes

SMTP Commands (Sending Email)

Test SMTP connection

node scripts/smtp.js test

Send email

# Simple text email
node scripts/smtp.js send --to recipient@example.com --subject "Hello" --body "World"

# HTML email
node scripts/smtp.js send --to recipient@example.com --subject "Newsletter" --html --body "<h1>Welcome</h1>"

# Email with attachment
node scripts/smtp.js send --to recipient@example.com --subject "Report" --body "Please find attached" --attach report.pdf

# Multiple recipients
node scripts/smtp.js send --to "a@example.com,b@example.com" --cc "c@example.com" --subject "Update" --body "Team update"

Common Email Servers

Provider IMAP Host IMAP Port SMTP Host SMTP Port
163.com imap.163.com 993 smtp.163.com 465
vip.163.com imap.vip.163.com 993 smtp.vip.163.com 465
126.com imap.126.com 993 smtp.126.com 465
vip.126.com imap.vip.126.com 993 smtp.vip.126.com 465
188.com imap.188.com 993 smtp.188.com 465
vip.188.com imap.vip.188.com 993 smtp.vip.188.com 465
yeah.net imap.yeah.net 993 smtp.yeah.net 465
Gmail imap.gmail.com 993 smtp.gmail.com 587
Outlook outlook.office365.com 993 smtp.office365.com 587
QQ Mail imap.qq.com 993 smtp.qq.com 587

Important for 163.com:

  • Use authorization code (授权码), not account password
  • Enable IMAP/SMTP in web settings first

Configuration Options

IMAP:

  • IMAP_HOST - Server hostname
  • IMAP_PORT - Server port
  • IMAP_USER - Your email address
  • IMAP_PASS - Your password or app-specific password
  • IMAP_TLS - Use TLS (true for SSL, false for STARTTLS)
  • IMAP_REJECT_UNAUTHORIZED - Accept self-signed certs
  • IMAP_MAILBOX - Default mailbox (INBOX)

SMTP:

  • SMTP_HOST - Server hostname
  • SMTP_PORT - Server port (587 for STARTTLS, 465 for SSL)
  • SMTP_SECURE - true for SSL (465), false for STARTTLS (587)
  • SMTP_USER - Your email address
  • SMTP_PASS - Your password or app-specific password
  • SMTP_FROM - Default sender email (optional)
  • SMTP_REJECT_UNAUTHORIZED - Accept self-signed certs

Troubleshooting

Connection errors:

  • Verify IMAP/SMTP server is running and accessible
  • Check host/port settings in .env

Authentication failed:

  • For Gmail: Use App Password (not account password if 2FA enabled)
  • For 163.com: Use authorization code (授权码), not account password

TLS/SSL errors:

  • For self-signed certs: Set IMAP_REJECT_UNAUTHORIZED=false or SMTP_REJECT_UNAUTHORIZED=false

Files

  • SKILL.md - Skill documentation
  • scripts/imap.js - IMAP CLI tool
  • scripts/smtp.js - SMTP CLI tool
  • package.json - Node.js dependencies
  • .env - Your credentials (create manually)

安全审计

中风险

摘要

Read and send email via IMAP/SMTP. Check for new/unread messages, fetch content, search mailboxes, mark as read/unread, and send emails with attachments. Works with any IMAP/SMTP server including Gmail, Outlook, 163.com, vip.163.com, 126.com, vip.126.com, 188.com, and vip.188.com.

风险画像 危险 隐私 范围 声誉 质量
打开 GitHub 仓库根目录 ClawHub 报告 / 申诉

ToxicSkills 分析

黑名单
未命中
提示词注入
未检测到

Toxic 标签

credential-accessexfiltration

当前静态检测未发现 Toxic 信号。

关键风险 0 项

暂无 LLM 风险要点(LLM 未启用或无缓存)。

确定性发现(证据)

规则 严重性 文件 片段
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 23
const DEFAULT_MAILBOX = process.env.IMAP_MAILBOX || 'INBOX';
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 50
user: process.env.IMAP_USER,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 51
password: process.env.IMAP_PASS,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 52
host: process.env.IMAP_HOST || '127.0.0.1',
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 53
port: parseInt(process.env.IMAP_PORT) || 1143,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 54
tls: process.env.IMAP_TLS === 'true',
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 56
rejectUnauthorized: process.env.IMAP_REJECT_UNAUTHORIZED !== 'false',
NET_HTTP_REQUEST skills/gzlicanyi/imap-smtp-email/scripts/imap.js 行 121
const fetch = imap.fetch(results, fetchOptions);
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 38
host: process.env.SMTP_HOST,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 39
port: parseInt(process.env.SMTP_PORT) || 587,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 40
secure: process.env.SMTP_SECURE === 'true', // true for 465, false for other ports
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 42
user: process.env.SMTP_USER,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 43
pass: process.env.SMTP_PASS,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 46
rejectUnauthorized: process.env.SMTP_REJECT_UNAUTHORIZED !== 'false',
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 70
from: options.from || process.env.SMTP_FROM || process.env.SMTP_USER,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 125
from: process.env.SMTP_FROM || process.env.SMTP_USER,
SENSITIVE_ENV skills/gzlicanyi/imap-smtp-email/scripts/smtp.js 行 126
to: process.env.SMTP_USER, // Send to self
QUALITY_README_PRESENT README 行 无
README detected

评分标准

每个技能从 5 个维度评分,加权总分决定星级。

代码毒性 100/100 (权重 30%)
隐私风险 0/100 (权重 25%)
权限范围 80/100 (权重 20%)
作者声誉 75/100 (权重 15%)
代码质量 78/100 (权重 10%)

星级说明

5★ 安全 — 总分 ≥ 80
4★ 良好 — 总分 70–79
3★ 注意 — 总分 60–69
2★ 有风险 — 总分 40–59
1★ 危险 — 总分 < 40

为何是这个评分?

以下维度评分低于 60 分,拉低了整体评级:

  • 隐私风险: 0/100

更多技能

Summarize 低风险
作者:steipete
ByteRover 高风险
作者:unknown
Notion 高风险
作者:unknown

VettedSkillsHub

从 ClawHub(ClawdBot / OpenClaw 官方市场)精选下载量前 100 的技能,进行独立 5 维度安全审计。证据透明可查,评分可复现,一键安装。

关于

本站评分为 best-effort 静态分析,分数可复现、证据可追溯。在敏感环境中仍应进行人工审计与隔离部署。

© 2026 VettedSkillsHub。ClawdBot 和 OpenClaw 为社区项目。