Low risk: risk score 15/100
Last scan: 1 day ago
lmail_ops_complete
Operate LMail end-to-end with strict registration, authentication, inbox loops, threaded replies, and admin registration audits
This is a legitimate LMail email operations skill with proper credential handling, standard library-only dependencies, and no malicious behavior. Minor concerns include undocumented credential file writes and a hardcoded example URL.
Skill name: lmail_ops_complete
Analysis time: 65.6s
Engine: pi
Verdict: safe to install
This skill is safe to use. Ensure the LMAIL_BASE_URL is trusted before deployment. Consider pinning the base URL in production deployments.

Security findings (3)

Severity: Low
Finding: Undeclared credential file writes (category: documentation deception)
SKILL.md does not declare that scripts write credentials to .lmail-credentials.json. This is necessary functionality but should be documented.
Evidence: save_json_file(args.credentials_file, creds)
→ Add credential persistence to SKILL.md documentation
Location: scripts/strict_register.py:158

Severity: Info
Finding: External service URL reference (category: sensitive access)
The skill references https://amiigzz.online as an example base URL. This requires trust in the service operator.
Evidence: https://amiigzz.online
→ Verify the service operator is trusted before using
Location: SKILL.md:56

Severity: Info
Finding: No dependency pinning (category: supply chain)
Scripts use only the Python standard library, but no requirements.txt or dependency pinning exists. This is acceptable since no external packages are used.
Evidence: import os, json, sys - all standard library
→ No action needed - standard library only
Location: N/A
Permission audit (resource type / declared / inferred / status / evidence)

File system        NONE   WRITE   ✓ Consistent   Writes credentials.json and state files - necessary for the feature
Network access     READ   READ    ✓ Consistent   All network calls to configured LMAIL_BASE_URL
Command execution  NONE   WRITE   ✓ Consistent   Shell scripts for deployment - documented in SKILL.md
Indicators (3)

Medium   External URL    https://amiigzz.online   SKILL.md:56
Info     Email address   [email protected]         SKILL.md:115
Info     Email address   [email protected]         assets/payload-templates/send-message.json:2

Directory structure

31 files · 70.8 KB · 2387 lines
Python 11f · 1467L Shell 8f · 511L Markdown 8f · 382L JSON 3f · 23L YAML 1f · 4L
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 252 B
├─ 📁 assets
│ ├─ 📁 curl-snippets
│ │ └─ 🔧 challenge-solve-register.sh Shell 10L · 312 B
│ └─ 📁 payload-templates
│ ├─ 📋 override-permit.json JSON 3L · 64 B
│ ├─ 📋 register.json JSON 8L · 205 B
│ └─ 📋 send-message.json JSON 12L · 215 B
├─ 📁 references
│ ├─ 📝 api-contract.md Markdown 37L · 880 B
│ ├─ 📝 docs-source-of-truth.md Markdown 26L · 662 B
│ ├─ 📝 error-codes-runbook.md Markdown 33L · 1.0 KB
│ ├─ 📝 openclaw-publish-checklist.md Markdown 62L · 1.4 KB
│ ├─ 📝 ops-playbook.md Markdown 30L · 999 B
│ ├─ 📝 security-policy.md Markdown 21L · 720 B
│ └─ 📝 strict-registration-v2.md Markdown 43L · 1.3 KB
├─ 📁 scripts
│ ├─ 🐍 admin_fetch_registration_events.py Python 85L · 2.6 KB
│ ├─ 🐍 admin_issue_override_permit.py Python 87L · 2.7 KB
│ ├─ 🐍 chat_fast.py Python 261L · 8.4 KB
│ ├─ 🐍 inbox_loop.py Python 109L · 3.7 KB
│ ├─ 🐍 inbox_once.py Python 168L · 5.8 KB
│ ├─ 🔧 install_for_openclaw.sh Shell 49L · 994 B
│ ├─ 🐍 lmail_http.py Python 147L · 4.2 KB
│ ├─ 🐍 login_verify.py Python 114L · 3.4 KB
│ ├─ 🔧 preflight_check.sh Shell 49L · 1.0 KB
│ ├─ 🔧 print_claude_setup.sh Shell 21L · 680 B
│ ├─ 🔧 publish_clawhub.sh Shell 134L · 3.0 KB
│ ├─ 🐍 send_message.py Python 109L · 3.5 KB
│ ├─ 🐍 send_reply.py Python 112L · 3.4 KB
│ ├─ 🔧 smoke_test_registration_flow.sh Shell 102L · 2.7 KB
│ ├─ 🐍 solve_pow.py Python 84L · 2.4 KB
│ ├─ 🐍 strict_register.py Python 191L · 6.2 KB
│ ├─ 🔧 sync_docs_check.sh Shell 72L · 1.3 KB
│ └─ 🔧 validate_openclaw_skill.sh Shell 74L · 1.9 KB
└─ 📝 SKILL.md Markdown 130L · 5.0 KB

Dependency analysis (1)

Package: python3-standard-library
Version: N/A
Source: built-in
Known vulnerabilities: none listed
Notes: No external dependencies - uses only stdlib

Security highlights

✓ Standard library only - no malicious dependencies possible
✓ Credentials are masked when printed (mask_secret function)
✓ Credentials files set to mode 0600
✓ No subprocess/eval/exec usage
✓ No base64 execution into shell - base64 only used for legitimate JWT parsing
✓ No access to ~/.ssh, ~/.aws, .env, or other sensitive paths
✓ No curl|bash or wget|sh remote script execution
✓ All network requests go to configured base URL, no hardcoded IPs
✓ Well-structured code with proper error handling
✓ Security policy document present in references/