📦 EngageLab Email — 邮件发送

v1.0.1

通过 EngageLab REST API 一键发送邮件，支持普通/模板/变量替换/附件等全场景，无需自建 SMTP。

0· 268·1 当前·1 累计

by @devengagelab (DevEngageLab)

API工具自动化云服务

下载技能包

最后更新

2026/4/21

安全扫描

VirusTotal

无害

查看报告

OpenClaw

可疑

medium confidence

The skill appears to implement an EngageLab email client, but its package metadata and SKILL.md don't declare the sensitive credentials it needs (api_user/api_key) and there are minor mismatches between what is claimed and what is required.

评估建议

This skill's code implements an EngageLab email sender and needs an api_user and api_key, but the skill metadata does not declare those credentials — that mismatch is the main red flag. Before installing or using it: (1) confirm the EngageLab endpoints and operator (no homepage is provided); (2) do NOT paste API credentials into chat prompts — instead provide them via whatever secret/env mechanism your platform supports; (3) ask the publisher to declare the required environment variables (e.g., ...

详细分析 ▾

ℹ 用途与能力

The skill's name, description, and code (scripts/send_email.py + api_spec) match: it's an email-sending client for EngageLab. However, the metadata declares no required environment variables or primary credential even though the code requires an API user and API key to authenticate with EngageLab. The absence of a declared credential is an incoherence.

✓ 指令范围

The SKILL.md and included scripts focus on constructing and POSTing email payloads to EngageLab endpoints and handling attachments. The instructions do not ask the agent to read unrelated system files or network endpoints beyond the EngageLab API. Example code includes reading a local file only as an attachment example, which is within scope.

ℹ 安装机制

This is an instruction-only skill with bundled Python scripts (no install spec). Running the scripts requires Python and the 'requests' package, but the metadata does not declare that dependency. No remote downloads or obscure installers are used, so installation risk is low, but runtime prerequisites are not documented.

⚠ 凭证需求

The Python code requires sensitive credentials (api_user and api_key) to build Basic auth for the API, but the skill metadata lists no required env vars or primary credential. That mismatch increases the chance credentials will be supplied insecurely (e.g., pasted into prompts) or overlooked. No other unrelated secrets are requested.

✓ 持久化与权限

The skill does not request persistent/global privileges (always is false) and does not modify other skills or global config. It runs as an on-demand helper; autonomy is allowed by default but not unusual.

安全有层次，运行前请审查代码。

运行时依赖

无特殊依赖

版本

latestv1.0.12026/3/11

- Translated all documentation from Chinese to English for broader accessibility. - No functional or file changes; this is a documentation update only. - Clarified descriptions and use cases for each core feature in English. - Updated examples and terminology for consistency and clarity.

● 无害

安装命令

点击复制

官方npx clawhub@latest install engagelab-email

镜像加速npx clawhub@latest install engagelab-email --registry https://cn.longxiaskill.com

数据来源：ClawHub ↗ · 中文优化：龙虾技能库