ClawHub

AgentMail MCP CLI

v1.0.3

Manage AI agent email accounts via AgentMail API. Create inboxes, send/receive/reply to emails, manage threads and attachments. Use for "email", "agentmail",...

1· 373·0 current·0 all-time
byFlorian Heiwig@flohiwg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (manage AgentMail inboxes, send/receive/reply, attachments) matches the declared requirements: a node-based CLI 'agentmail' and an AGENTMAIL_API_KEY. Asking for an API key and the CLI binary is proportionate to the skill's stated purpose.
Instruction Scope
SKILL.md contains only CLI usage instructions for the agentmail tool (inboxes, threads, messages, attachments). It does not instruct the agent to read unrelated files, look up unrelated credentials, or send data to endpoints beyond AgentMail (docs/homepage point to agentmail.to). Note: the skill will access email contents and attachments by design — that is expected but has privacy implications.
Install Mechanism
Install uses an npm package (openclaw-agentmail-cli) which is a common and expected distribution method for a Node CLI. npm installs are moderate risk compared with curated package managers because packages can contain arbitrary code; verify the package's publisher and contents before installing in sensitive environments.
Credentials
Only the AGENTMAIL_API_KEY is required and declared as the primary credential. That single API key is appropriate for interacting with the AgentMail API and is proportionate to the skill's capabilities.
Persistence & Privilege
The skill does not request always:true, does not modify other skills' config, and declares no system config paths. It can be invoked autonomously (platform default), which increases blast radius but is not unusual for skills and is not by itself a coherence problem.
Assessment
This skill appears coherent for managing AgentMail accounts, but before installing: 1) Verify the npm package 'openclaw-agentmail-cli' and its publisher on the npm registry and inspect the GitHub repository to ensure it matches expectations. 2) Limit the AGENTMAIL_API_KEY scope and use an ephemeral or low-privilege key if possible. 3) Be aware the skill (and the agent using it) will have access to full email contents and attachments; avoid granting keys that expose unrelated accounts or data. 4) If you want to reduce risk, run the CLI in an isolated environment/container and avoid giving the agent autonomous access to sensitive inboxes until you trust the package. 5) If you need higher assurance, request the package's signed releases or a reproducible build from the maintainer.

Like a lobster shell, security has layers — review code before you run it.

ai-agentsvk97f33rec6vksy5x6ge9zzm3w181yfh0emailvk97f33rec6vksy5x6ge9zzm3w181yfh0inboxvk97f33rec6vksy5x6ge9zzm3w181yfh0latestvk97f33rec6vksy5x6ge9zzm3w181yfh0mcpvk97f33rec6vksy5x6ge9zzm3w181yfh0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode, agentmail
EnvAGENTMAIL_API_KEY
Primary envAGENTMAIL_API_KEY

Install

Node
Bins: agentmail
npm i -g openclaw-agentmail-cli

Comments