{ "schemaVersion": "1.0", "item": { "slug": "email-importance-content-analysis", "name": "Email Importance Content Analysis", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/shingo0620/email-importance-content-analysis", "canonicalUrl": "https://clawhub.ai/shingo0620/email-importance-content-analysis", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/email-importance-content-analysis", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=email-importance-content-analysis", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "CHANGELOG.md", "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-30T16:55:25.780Z", "expiresAt": "2026-05-07T16:55:25.780Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=network", "contentDisposition": "attachment; filename=\"network-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/email-importance-content-analysis" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/email-importance-content-analysis", "agentPageUrl": "https://openagent3.xyz/skills/email-importance-content-analysis/agent", "manifestUrl": "https://openagent3.xyz/skills/email-importance-content-analysis/agent.json", "briefUrl": "https://openagent3.xyz/skills/email-importance-content-analysis/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "Email Importance Content Analysis", "body": "Use a subject/title-first triage, then perform technical verification (headers/links/attachments) only when warranted, and only then validate with content analysis. Treat sender display name, badges, labels, and “From” appearance as untrusted." }, { "title": "1) Title/subject + sender triage (cheap first-pass)", "body": "Use only: subject line + sender (display name + email address/domain as shown). Do not click anything.\n\nImportant: treat sender as weak signal (can be spoofed). Use it for triage only.\n\n1A) Fast-drop rules (save time)\n\nIf the sender looks obviously sloppy/spoofed AND the email is not expected, classify as Likely scam/ads and stop (do not spend time on technical verification).\nExamples of fast-drop signals:\n\nDisplay name claims a bank/government/major brand but the address is from a free mailbox (gmail/outlook/163/qq) or unrelated domain\nLookalike domains / typo-squatting: paypaI (I/l), micros0ft (0/O), extra -secure/-verify, weird punctuation\nSuspicious TLDs or brand stuffed into subdomain: brand.security-check.example.com\nVery unprofessional local-part patterns (random digits/strings) while claiming official identity\nPure promo patterns (promo/marketing/news) + obvious sales subject ⇒ treat as ads\n\n1B) Escalate rules (to technical verification)\n\nEscalate for technical verification if subject OR sender implies any of:\n\nMoney/settlement: 扣款/圈存/付款/退款/發票/帳單/對帳單/繳費\nAccount/security: 登入/驗證/密碼重設/異常登入/停權/封鎖/安全警告\nDelivery/download: 文件下載/取件號碼/包裹/物流失敗\nUrgency/threat: 最後通知/24小時內/立即/否則將…\nExecution: 附件/請下載/請開啟/啟用巨集\n\nIf the subject is clearly marketing/newsletter and no action is implied ⇒ usually stop here (Low).\n\nIf it triggers the fast-drop rules, you may label it as:\n\nImportance: Low\nRisk: Medium–High (spoof attempt)\nNext step: Do not click; optionally mark as spam/block" }, { "title": "2) Technical verification (only for emails that passed title triage)", "body": "Prefer evaluating raw email headers / “Show original” output (or via gog gmail get). Check:\n\nAuthentication-Results: SPF / DKIM / DMARC results (pass|fail|neutral) and note which domain they authenticate\nAlignment: whether DKIM d= domain / SPF MAIL FROM / DMARC aligns with the visible From domain\nFrom vs Reply-To mismatch\nLinks and attachments:\n\nExpand the real target domain (hover/copy link) — don’t trust anchor text\nNote risky attachments (e.g., .zip, .iso, .js, .vbs, .docm, password-protected archives)\n\nIf headers are not available, mark Technical verdict = Unknown and increase caution." }, { "title": "3) Extract the actionable claims (facts only) — only if technical verification passes", "body": "From the email body, list:\n\nWhat happened / what they claim happened\nWhat they want the recipient to do (and by when)\nWhat account/system/money is involved\nWhat evidence they provide (order id, invoice id, ticket id, last-4 digits, timestamps)" }, { "title": "4) Classify the required action (drives importance)", "body": "Rank higher if it requires any of:\n\nAccount access / authentication: login, password reset, 2FA codes, device approval\nMoney movement: payment, wire, subscription renewal, invoice settlement, refunds\nPermissions / security posture: granting access, changing roles, API keys, OAuth consent\nSoftware execution: download/open an attachment, run a file, enable macros\nData disclosure: personal/company info, documents, ID numbers" }, { "title": "5) Content risk patterns (red flags)", "body": "Increase risk if the content shows:\n\nUrgency / threat: “within 24h”, “account will be closed”, “legal action”, “final notice”\nSecrecy / bypass: “don’t tell others”, “use personal email”, “avoid normal process”\nMismatch / vagueness: generic greeting, unclear context, missing specifics the real sender would know\nOdd requests: asking for OTP, gift cards, crypto, remote access, or direct bank changes\nLink/attachment pressure: “click to verify”, “download to view”, “enable macros”" }, { "title": "6) Choose safe verification (do not trust the email path)", "body": "Even if SPF/DKIM/DMARC pass, for sensitive actions recommend out-of-band verification:\n\nNavigate via known official entry points (typed URL, app, bookmark), not email links\nIf it claims an account issue: check account status by logging in from official site/app\nIf it’s a vendor/payment issue: verify using the invoice/order id inside the official portal\nIf it’s workplace related: verify via internal chat/phone using known contacts" }, { "title": "7) Output: priority + next action", "body": "Always provide:\n\nTitle triage verdict: Escalate / Ignore\nTechnical verdict: Pass / Fail / Unknown\nImportance level: Critical / High / Medium / Low\nRisk level: High (likely phishing) / Medium / Low\nRecommended next step: what to do now, what not to do, and how to verify" }, { "title": "Decision Heuristics (quick)", "body": "Technical FAIL (SPF/DKIM/DMARC fail or obvious mismatch) + any call-to-action ⇒ Risk: High (treat as phishing) regardless of “importance”.\nCritical: money/credentials/permissions + urgency OR any request for OTP/macro/remote access.\nHigh: requires action soon, could cause loss of access/service interruption, but can be verified safely via official channels.\nMedium: informational but relevant; no immediate sensitive action.\nLow: newsletters, marketing, generic updates with no action." }, { "title": "Response Template (use in replies)", "body": "Title triage (why it escalates / why it can be ignored):\nTechnical verification (SPF/DKIM/DMARC + alignment + From/Reply-To + link/attachment notes):\nSummary (1–2 lines):\nWhat it’s asking you to do:\nWhy it may matter (impact if ignored):\nRed flags (if any):\nSafe verification path:\nRecommendation (do / don’t):" } ], "body": "Email Importance Content Analysis\n\nUse a subject/title-first triage, then perform technical verification (headers/links/attachments) only when warranted, and only then validate with content analysis. Treat sender display name, badges, labels, and “From” appearance as untrusted.\n\nWorkflow (title → technical → content)\n1) Title/subject + sender triage (cheap first-pass)\n\nUse only: subject line + sender (display name + email address/domain as shown). Do not click anything.\n\nImportant: treat sender as weak signal (can be spoofed). Use it for triage only.\n\n1A) Fast-drop rules (save time)\n\nIf the sender looks obviously sloppy/spoofed AND the email is not expected, classify as Likely scam/ads and stop (do not spend time on technical verification). Examples of fast-drop signals:\n\nDisplay name claims a bank/government/major brand but the address is from a free mailbox (gmail/outlook/163/qq) or unrelated domain\nLookalike domains / typo-squatting: paypaI (I/l), micros0ft (0/O), extra -secure/-verify, weird punctuation\nSuspicious TLDs or brand stuffed into subdomain: brand.security-check.example.com\nVery unprofessional local-part patterns (random digits/strings) while claiming official identity\nPure promo patterns (promo/marketing/news) + obvious sales subject ⇒ treat as ads\n1B) Escalate rules (to technical verification)\n\nEscalate for technical verification if subject OR sender implies any of:\n\nMoney/settlement: 扣款/圈存/付款/退款/發票/帳單/對帳單/繳費\nAccount/security: 登入/驗證/密碼重設/異常登入/停權/封鎖/安全警告\nDelivery/download: 文件下載/取件號碼/包裹/物流失敗\nUrgency/threat: 最後通知/24小時內/立即/否則將…\nExecution: 附件/請下載/請開啟/啟用巨集\n\nIf the subject is clearly marketing/newsletter and no action is implied ⇒ usually stop here (Low).\n\nIf it triggers the fast-drop rules, you may label it as:\n\nImportance: Low\nRisk: Medium–High (spoof attempt)\nNext step: Do not click; optionally mark as spam/block\n2) Technical verification (only for emails that passed title triage)\n\nPrefer evaluating raw email headers / “Show original” output (or via gog gmail get). Check:\n\nAuthentication-Results: SPF / DKIM / DMARC results (pass|fail|neutral) and note which domain they authenticate\nAlignment: whether DKIM d= domain / SPF MAIL FROM / DMARC aligns with the visible From domain\nFrom vs Reply-To mismatch\nLinks and attachments:\nExpand the real target domain (hover/copy link) — don’t trust anchor text\nNote risky attachments (e.g., .zip, .iso, .js, .vbs, .docm, password-protected archives)\n\nIf headers are not available, mark Technical verdict = Unknown and increase caution.\n\n3) Extract the actionable claims (facts only) — only if technical verification passes\n\nFrom the email body, list:\n\nWhat happened / what they claim happened\nWhat they want the recipient to do (and by when)\nWhat account/system/money is involved\nWhat evidence they provide (order id, invoice id, ticket id, last-4 digits, timestamps)\n4) Classify the required action (drives importance)\n\nRank higher if it requires any of:\n\nAccount access / authentication: login, password reset, 2FA codes, device approval\nMoney movement: payment, wire, subscription renewal, invoice settlement, refunds\nPermissions / security posture: granting access, changing roles, API keys, OAuth consent\nSoftware execution: download/open an attachment, run a file, enable macros\nData disclosure: personal/company info, documents, ID numbers\n5) Content risk patterns (red flags)\n\nIncrease risk if the content shows:\n\nUrgency / threat: “within 24h”, “account will be closed”, “legal action”, “final notice”\nSecrecy / bypass: “don’t tell others”, “use personal email”, “avoid normal process”\nMismatch / vagueness: generic greeting, unclear context, missing specifics the real sender would know\nOdd requests: asking for OTP, gift cards, crypto, remote access, or direct bank changes\nLink/attachment pressure: “click to verify”, “download to view”, “enable macros”\n6) Choose safe verification (do not trust the email path)\n\nEven if SPF/DKIM/DMARC pass, for sensitive actions recommend out-of-band verification:\n\nNavigate via known official entry points (typed URL, app, bookmark), not email links\nIf it claims an account issue: check account status by logging in from official site/app\nIf it’s a vendor/payment issue: verify using the invoice/order id inside the official portal\nIf it’s workplace related: verify via internal chat/phone using known contacts\n7) Output: priority + next action\n\nAlways provide:\n\nTitle triage verdict: Escalate / Ignore\nTechnical verdict: Pass / Fail / Unknown\nImportance level: Critical / High / Medium / Low\nRisk level: High (likely phishing) / Medium / Low\nRecommended next step: what to do now, what not to do, and how to verify\nDecision Heuristics (quick)\nTechnical FAIL (SPF/DKIM/DMARC fail or obvious mismatch) + any call-to-action ⇒ Risk: High (treat as phishing) regardless of “importance”.\nCritical: money/credentials/permissions + urgency OR any request for OTP/macro/remote access.\nHigh: requires action soon, could cause loss of access/service interruption, but can be verified safely via official channels.\nMedium: informational but relevant; no immediate sensitive action.\nLow: newsletters, marketing, generic updates with no action.\nResponse Template (use in replies)\nTitle triage (why it escalates / why it can be ignored):\nTechnical verification (SPF/DKIM/DMARC + alignment + From/Reply-To + link/attachment notes):\nSummary (1–2 lines):\nWhat it’s asking you to do:\nWhy it may matter (impact if ignored):\nRed flags (if any):\nSafe verification path:\nRecommendation (do / don’t):" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/shingo0620/email-importance-content-analysis", "publisherUrl": "https://clawhub.ai/shingo0620/email-importance-content-analysis", "owner": "shingo0620", "version": "1.0.1", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/email-importance-content-analysis", "downloadUrl": "https://openagent3.xyz/downloads/email-importance-content-analysis", "agentUrl": "https://openagent3.xyz/skills/email-importance-content-analysis/agent", "manifestUrl": "https://openagent3.xyz/skills/email-importance-content-analysis/agent.json", "briefUrl": "https://openagent3.xyz/skills/email-importance-content-analysis/agent.md" } }