ClawHub

FREE EMAIL from @claw.boston 一键获取免费原生OpenClaw邮箱

Give your OpenClaw a real email address at @claw.boston. Send and receive emails with attachments, search your inbox, get notified of new messages. Setup tak...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 35 · 0 current installs · 0 all-time installs
byxcs@Mastalie
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (provide an @claw.boston mailbox, send/receive/search emails) match the SKILL.md commands and the documented API endpoints (register, send, inbox, attachments, search, account). Required artifacts (a local config.json with an api_key) are appropriate for this purpose. Minor inconsistency: README and SKILL.md list different free-plan daily limits (30 vs 15), but this is a documentation mismatch, not a security mismatch.
Instruction Scope
Runtime instructions stick to account registration, storing a returned api_key in ~/.openclaw/skills/claw-boston-email/config.json, sending/receiving/searching emails, and configuring a webhook to the local OpenClaw gateway. One privacy-relevant step: the skill instructs generating/sending an instance_token derived from instance_id, install_time, and hostname (HMAC-SHA256(...)) to the remote register endpoint — this transmits device-identifying data to the service. That can be expected for binding an account to an agent, but users should be aware it leaks instance identifiers to the remote server.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so nothing is downloaded or written beyond the documented local config.json. That is the lowest-risk install mechanism.
Credentials
The skill requests no environment variables or external credentials, and stores the service-provided api_key locally in config.json. Storing an api_key locally is necessary and proportional for mailbox access, but the api_key grants full access to the mailbox (read/send/configure webhooks) so it is sensitive — the README even warns not to share it. The only extra data sent during registration is the instance_token (instance_id/hostname); this is plausible but a privacy consideration.
Persistence & Privilege
always is false and the skill does not request persistent elevated privileges or modify other skills or system-wide settings. It writes its own config.json (expected). Configuring a webhook into the local gateway is normal for real-time notifications.
Assessment
This skill appears to do what it says: it registers a mailbox at claw.boston, stores the returned api_key locally (~/.openclaw/skills/claw-boston-email/config.json), configures a webhook to your local OpenClaw gateway, and uses the documented API for send/inbox/search/attachments. Before installing, consider: (1) The api_key gives the remote service full access to send and read your mailbox — only install if you trust claw.boston. (2) Registration transmits instance identifiers (instance_id and hostname) to the remote service; if you want to avoid linking your machine identity to the account, do not register. (3) Keep the config.json private and treat the api_key like a password; revoke it if you uninstall or no longer trust the service. (4) Note the README/skill text inconsistency in free-plan limits — treat plan/limit numbers as approximate and verify on the provider's site. If you want higher assurance, ask the skill author for a privacy policy or source code for the server-side component before use.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.2.0
Download zip
latestvk97avb3qqaehj2xxmpa81h0xjn83d9bd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

Setup

On first use, I'll register a @claw.boston email for you. Just say: "Set up my email" or "I need an email address"

Your API key will be stored locally at: ~/.openclaw/skills/claw-boston-email/config.json

Available Commands

Send email

"Send an email to alice@example.com about tomorrow's meeting" "Email bob@company.com: the report is ready"

Send with attachment

"Send the report.pdf to alice@example.com" "Email the summary to bob with the attached file"

Check inbox

"Do I have new emails?" "Check my inbox"

Read email

"Read the latest email" "What did alice@example.com send me?"

Reply

"Reply to that email saying I agree"

Search emails

"Search my inbox for emails about the project" "Find emails from alice@example.com" "Search for 'invoice' in my emails"

View account

"What's my email plan?" "How many emails have I sent today?"

API Reference

Base URL: https://api.claw.boston

Register

POST /api/register Body: { "instance_token": "<auto>", "preferred_name": "<optional>" } Response: { "address": "xxx@claw.boston", "api_key": "ck_...", "plan": "free", "limits": { "daily_send": 15, "history_days": 7 } }

Send

POST /api/send Header: Authorization: Bearer <api_key> Body: { "to": "...", "subject": "...", "text": "...", "attachments": [{ "filename": "...", "content": "<base64>", "content_type": "..." }] } Response: { "id": "msg_xxx", "status": "sent", "to": "...", "subject": "..." }

Inbox

GET /api/inbox Header: Authorization: Bearer <api_key> Query: ?limit=20&offset=0&since=<unix_timestamp> Response: { "emails": [...], "total": N, "limit": 20, "offset": 0 }

Read single email

GET /api/inbox/<id> Header: Authorization: Bearer <api_key> Response: { "id": "...", "from": "...", "to": "...", "subject": "...", "text": "...", "created_at": N, "has_attachments": bool, "attachments": [...] }

Download attachment

GET /api/inbox/<email_id>/attachments/<att_id> Header: Authorization: Bearer <api_key> Response: Binary file content with Content-Disposition header

Search

GET /api/inbox/search Header: Authorization: Bearer <api_key> Query: ?q=<keyword>&field=all|from|subject|body&limit=20&offset=0 Response: { "query": "...", "emails": [...], "total": N, "limit": 20, "offset": 0 }

Account info

GET /api/account Header: Authorization: Bearer <api_key> Response: { "plan": "...", "address": "...", "limits": {...}, "usage": {...} }

Configure webhook

POST /api/webhook/config Header: Authorization: Bearer <api_key> Body: { "url": "http://localhost:18789/webhook/claw-email" }

Webhook

I'll configure a webhook to receive real-time notifications when new emails arrive. The webhook points to your local OpenClaw gateway.

Webhook payload format: { "event": "email.received", "timestamp": "ISO8601", "data": { "id": "msg_xxx", "from": "sender@example.com", "to": "you@claw.boston", "subject": "Subject line", "preview": "First 200 chars...", "is_suspicious": false, "has_attachments": false, "attachment_count": 0 } }

Behavior Guide

First-time setup flow:

  1. Check if ~/.openclaw/skills/claw-boston-email/config.json exists
  2. If not → ask user for preferred email name (or offer to auto-generate)
  3. Read OpenClaw instance info, generate instance_token = HMAC-SHA256(instance_id + install_time + hostname)
  4. Call POST /api/register with instance_token and preferred_name
  5. Save the returned api_key to config.json
  6. Call POST /api/webhook/config to set up real-time notifications
  7. Confirm to user: "Your email is xxx@claw.boston"

Sending email:

  1. Read api_key from config.json
  2. Compose email based on user's natural language instruction:
    • Infer appropriate subject line
    • Write professional but concise email body
    • Match the language the user used (English/Chinese/etc)
  3. If user mentions files to attach, encode them as base64 and include in attachments[]
  4. Call POST /api/send
  5. Confirm: "Email sent to xxx. Subject: ..."

Checking inbox:

  1. Call GET /api/inbox
  2. Summarize: "You have N new emails:" then list from/subject/preview for each
  3. If no emails: "Your inbox is empty"

Reading a specific email:

  1. Call GET /api/inbox/<id>
  2. Present the full email content naturally
  3. If has_attachments is true, list the attachments with filenames and sizes

Searching emails:

  1. Call GET /api/inbox/search?q=<keyword>
  2. Present results: "Found N emails matching '<query>':" then list from/subject/date
  3. If no results: "No emails found matching '<query>'"
  4. Offer: "Want me to read any of these?"

Replying:

  1. Use the from address of the original email as the new "to"
  2. Prepend "Re: " to original subject (if not already there)
  3. Compose reply based on user's instruction
  4. Call POST /api/send

Webhook notification (incoming email):

  1. Parse the webhook payload
  2. Notify user: "New email from {from} — Subject: {subject}"
  3. Show preview
  4. If has_attachments, mention: "This email has {attachment_count} attachment(s)"
  5. Ask: "Want me to read the full email?"

Checking account:

  1. Call GET /api/account
  2. Report: plan, daily usage, limits

Notes

  • Free plan: 15 emails/day, 7-day history, 1MB attachments, basic search
  • Pro plan ($5/mo): 500 emails/day, 90-day history, 10MB attachments, full search
  • Foundation plan ($29 one-time): same as Pro, forever, with member badge
  • Emails flagged as suspicious (potential prompt injection) will be noted
  • Upgrade at https://claw.boston
  • Discord: https://discord.gg/WuPp45xumx

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…