Skill Trust Decision

recruit-email-monitor

Hardcoded real email credentials (QQ and 163 authorization codes) are exposed in source code, enabling unauthorized account access to anyone who downloads this skill.

Install decision first
Source: Manual upload
Scanned: Apr 4, 2026
Files: 7
Artifacts: 4
Violations: 0
Findings: 5
Most direct threat evidence
Critical Credential Theft
Hardcoded QQ Email Authorization Code

Real QQ email authorization code 'bxfwjdtvienzdihi' for account [email protected] is hardcoded directly in source code at line 19. This credential grants full POP3 access to the email account.

scripts/email-heartbeat-check.py:19

Why this conclusion was reached

1/4 dimensions flagged

Pass: Declared vs actual capability
Declared resources and inferred behavior are broadly aligned.

Review: Hidden execution and egress
4 lower-risk artifacts were extracted and still need context.

Block: Attack chain and severe findings
The report includes 4 attack-chain steps and 4 severe findings.

Review: Dependencies and supply chain hygiene
1 dependency or supply-chain issue needs attention.

Attack Chain

01 Attacker clones/downloads the skill from repository
Reconnaissance · github.com/nhaoxi/recruit-email-monitor

02 Attacker reads email-heartbeat-check.py and extracts hardcoded credentials
Exploitation · scripts/email-heartbeat-check.py:19

03 Attacker uses extracted credentials to access QQ email ([email protected]) via POP3
Impact · scripts/email-heartbeat-check.py:19

04 Attacker uses extracted credentials to access 163 email ([email protected]) via POP3
Impact · scripts/email-heartbeat-check.py:25

What drove the risk score up

Hardcoded credentials in source code +35

Real QQ email authorization code 'bxfwjdtvienzdihi' and 163 authorization code 'XStys36TXuV6geTq' are hardcoded in email-heartbeat-check.py at lines 19 and 25

Doc-to-code mismatch +15

SKILL.md line 16 shows placeholder '[email protected]' but code contains real credential '[email protected]'

Sensitive path exposure +10

Hardcoded paths reveal author username '/home/erhao/shared/'

Credential harvesting from source +8

Anyone can extract credentials by reading the Python script

Most important evidence

Critical Credential Theft

Hardcoded QQ Email Authorization Code

Real QQ email authorization code 'bxfwjdtvienzdihi' for account [email protected] is hardcoded directly in source code at line 19. This credential grants full POP3 access to the email account.

scripts/email-heartbeat-check.py:19
Immediately rotate this authorization code in QQ mail settings and replace the hardcoded value with an environment variable lookup: os.environ.get('QQ_EMAIL_AUTH_CODE')
Critical Credential Theft

Hardcoded 163 Email Authorization Code

Real 163 email authorization code 'XStys36TXuV6geTq' for account [email protected] is hardcoded directly in source code at line 25. This credential grants full POP3 access to the email account.

scripts/email-heartbeat-check.py:25
Immediately rotate this authorization code in 163 mail settings and replace the hardcoded value with an environment variable lookup: os.environ.get('MAIL_163_AUTH_CODE')
High Doc Mismatch

Documentation Shows Placeholders, Code Contains Real Credentials

SKILL.md line 16 and INSTALL.md show placeholder credentials like '[email protected]' and 'your_auth_code', but the actual code contains real, working credentials. This creates a deceptive situation where documentation suggests configuration is needed, but real credentials are already present.

scripts/email-heartbeat-check.py:16
Remove all real credentials from source code. Use placeholder values that clearly indicate configuration is required.
High Sensitive Access

Hardcoded Author Path Exposure

Multiple hardcoded paths reveal the original author's username 'erhao' including /home/erhao/shared/ and /home/erhao/.openclaw/. This exposes private directory structure.

scripts/email-heartbeat-check.py:51
Use environment variables or relative paths for file storage, e.g. os.path.expanduser('~/shared/...'), or read the path from the skill's configuration.
Medium Credential Theft

Hardcoded Feishu User ID

Feishu user ID 'ou_8de02604ccd510eeb4897ffd70d96c1d' is hardcoded in both scripts at lines 155 and 281. While not a secret credential, it links the skill to a specific user.

scripts/email-heartbeat-check.py:155
Move to configuration file or environment variable.

Declared capability vs actual capability

Capability   Status   Declared   Inferred   Evidence
Network      Pass     READ       READ       poplib.POP3_SSL connections to email servers (declared)
Filesystem   Pass     WRITE      WRITE      openpyxl workbook saves, JSON writes to /home/erhao/.openclaw/
Shell        Pass     WRITE      WRITE      subprocess.run(['openclaw', 'message', 'send']) at lines 155, 281

Dependencies and supply chain

Package    Version   Source   Known vuln   Notes
openpyxl   *         pip      No           Version not pinned but widely used; no known vulnerabilities relevant to this use case

File composition

7 files · 1267 lines
Python: 2 files · 625 lines
Markdown: 3 files · 575 lines
JSON: 2 files · 67 lines
Files of concern · 2
scripts/email-heartbeat-check.py Python · 382 lines
Hardcoded QQ Email Authorization Code · Hardcoded 163 Email Authorization Code · Documentation Shows Placeholders, Code Contains Real Credentials · Hardcoded Author Path Exposure · Hardcoded Feishu User ID · [email protected] · [email protected]
README.md Markdown · 172 lines
Other files · email-daily-briefing.py · INSTALL.md · SKILL.md · cron-jobs.json · _meta.json

Security positives

Subprocess usage for openclaw CLI is documented and declared
No base64 encoding or obfuscation detected
No reverse shell or C2 communication patterns
No malicious dependencies detected (only openpyxl)
No evidence of intentional data exfiltration beyond email monitoring purpose