Use this skill when the user wants to perform security analysis on an email (.eml) file. The skill provides a comprehensive security assessment report by uploading the file to the Mailscope analysis platform.
Respond in the user's language. If they write in Chinese, reply in Chinese; if English, English. Keep technical tokens (paths, flags, field names) in English.
When the user provides an API key (e.g., "我的 key 是 msk_xxx", "帮我配置 API Key", "set api key to msk_xxx", "这是key: msk_xxx"), write it into config.json:
config.json exists in the skill root directory. If not, read config.json.example as a template and create config.json from it.config.json and parse it as JSON.api_key field to the key the user provided.config.json (use 2-space indentation for readability).The user gets their API key by applying at https://x.lizhisec.com. If they ask where to get one, point them there.
Before running the analysis, verify these conditions are met:
node --version. If not available, tell the user to install Node.js 22+.api_key. If missing, guide the user through Step 0 above.npx tsx scripts/analyze.ts <path/to/email.eml>
The script will:
The report output is self-contained and human-readable. Key elements to help the user understand:
risky (dangerous), clean (safe), or other levelsIf the email is flagged as risky, emphasize the recommended actions:
Common errors and how to address them:
| Error | Cause | Solution |
|---|---|---|
| ------- | ------- | ---------- |
| API key not configured | Missing or empty config.json | Guide user to set up config.json |
| Upload failed (HTTP 4xx) | Invalid API key | Re-apply at https://x.lizhisec.com |
| Analysis failed | Email could not be processed | Check if the .eml file is malformed |
| Analysis timeout | Platform overloaded | Wait and retry later |
| File not found | Path typo | Verify the .eml file path |
config.json unless the user explicitly asked you to configure their API key (see Step 0)共 1 个版本