Use a persistent OpenClaw browser profile to access http://mail.ztpc.com/ (Aliyun Enterprise Mail),
scan UNREAD emails only, and conservatively mark obvious spam / phishing as Spam (never delete).
The skill's final message to the user MUST be Chinese and short (summary only).
> Key constraint: This mailbox may sometimes require captcha/SMS/2FA.
> - Captcha / slider / click-to-verify: always stop and report that manual verification is required.
> - SMS 2FA: if interactive_2fa=true (human-in-the-loop), you may request the code from the user and continue; otherwise stop.
Invoke as:
/skill mail-spam-sweep {"dry_run": true|false, "max":
dry_run (default: false):true: evaluate and report only; do not click "Mark as spam".false: mark decided SPAM emails as spam (no deletion).max (default: 20, hard cap: 50): max number of unread emails to evaluate.interactive_2fa (default: false):false (recommended for cron/unattended runs): if SMS/2FA is required, STOP and report manual verification needed.true (interactive runs only): if SMS/2FA page appears, the skill may:1) click "Send Verification Code",
2) ask the user to provide the SMS code (usually 6 digits, valid ~5 minutes),
3) fill the code and proceed,
4) tick "trusted device" if available to reduce future prompts.
Path:
~/.openclaw/workspace/skills/ztpc-spam-sweep/secrets.json
Format:
{"username":"ztpc@ztpc.com","password":"YOUR_PASSWORD"}
Rules:
Path:
~/.openclaw/workspace/skills/ztpc-spam-sweep/allowlist.txt
Format: one entry per line (domain or full email). # starts a comment.
Example:
# trusted domains
ztpc.com
cnpe.cc
cgnpc.com.cn
Matching rule:
the message is NEVER treated as spam (unless explicit blocklist match).
Path:
~/.openclaw/workspace/skills/ztpc-spam-sweep/blocklist.txt
Format: one entry per line (domain or full email). # starts a comment.
Matching rule:
defaultProfile (recommended: openclaw). 状态:需要人工验证(验证码/二次验证)
interactive_2fa=true: proceed with human-in-the-loop SMS code entry (see Step 1). 状态:需要人工验证(验证码/二次验证)
1) Blocklist hit -> SPAM
2) Allowlist hit -> NOT SPAM (skip)
3) Otherwise -> apply heuristic rules below.
Mark as SPAM if ANY of the following is true:
A1. Brand / authority impersonation + mismatch
AND sender domain is NOT clearly matching that authority context.
Authority keywords (Chinese/English examples):
管理员, 安全中心, 客服, 官方, 银行, 税务, 法院, 公安, 财务, 出纳, 人事, IT, 邮箱, 系统admin, security, support, official, bank, tax, court, police, finance, hr, itA2. Financial / process hijack / urgent secrecy
Subject or preview contains patterns like:
紧急, 立即, 限时, 最后一次, 逾期, 冻结, 异常, 验证, 认证, 升级, 重新登录, 安全提醒AND at least one of:
转账, 付款, 汇款, 收款账户变更, 开票信息变更, 财务指令, 保密, 不要走流程OR a suspicious link/download instruction:
点击链接, 下载, 附件查看, 打开文件A3. Obvious scam / phishing template
A4. Non-business mass marketing pattern
中奖, 返利, 贷款, 低息, 套现, 博彩, 娱乐城, 发票代开, 代开发票, 刷单, 兼职日结, 理财高收益, 稳赚
(Treat as SPAM unless allowlisted.)
If no strong-evidence rule hit, compute a risk score from subject + preview + sender signals.
Score additions (examples):
点击链接|登录验证|重新认证|过期|异常|冻结|升级|安全提醒紧急|立即|限时|最后一次提醒|逾期账单|发票|报销|付款|转账|合同款|对账qq.com|163.com|126.com|gmail.com|outlook.com) while claiming authority keywordsScore reductions:
(Examples: 联系单, 函, 函件, 项目部,月报, 周报, 日报)
Decision threshold:
> This is intentionally conservative; tune thresholds/keywords by editing this file and your allowlist.
secrets.json.http://mail.ztpc.com/.secrets.json. 状态:登录失败(账号或密码错误)
状态:需要人工验证(验证码/二次验证)
interactive_2fa=false => STOP and report: 状态:需要人工验证(验证码/二次验证)
interactive_2fa=true (interactive runs only):1) Click Send Verification Code.
2) Prompt the user (in Chinese) to provide the SMS code (typically 6 digits; valid ~5 minutes).
3) Fill the code into the input (e.g. textbox "Please input").
4) If present, tick Set as a trusted device (or equivalent wording) to reduce future prompts.
5) Click Next and wait for mailbox main UI.
6) If still blocked by additional verification => STOP and report:
状态:需要人工验证(验证码/二次验证)
max items.For each unread mail row (up to max):
IMPORTANT:
For each row:
Action:
dry_run=true: do not click spam; only record decisions.dry_run=false and decided SPAM:Return exactly ONE final message with this structure:
✅ 状态:完成(dry_run=<true|false>, max=<N>)
🗑️ 垃圾邮件处理:<S> 封
- <发件人> — <主题>
...
⚠️ 非垃圾/不确定(未处理):<K> 封
- <发件人> — <主题>
...
If stopped for manual verification:
⛔ 状态:需要人工验证(验证码/二次验证)
说明:检测到登录需要验证码/二次验证,请先在同一浏览器 profile 中手动完成一次验证,然后再次运行本技能。
If secrets missing:
⛔ 状态:缺少配置(secrets.json)
说明:请在 ~/.openclaw/workspace/skills/ztpc-spam-sweep/secrets.json 填写用户名与密码。
blocklist.txt.共 1 个版本