ClawHub

OpenMail

v1.0.1

Gives the agent a dedicated email address for sending and receiving email. Use when the agent needs to send email to external services, receive replies, sign...

1· 125·0 current·0 all-time
by@armandokun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binary ('openmail'), primaryEnv (OPENMAIL_API_KEY), and the npm install for @openmail/cli are all consistent with a CLI-based email inbox service.
Instruction Scope
SKILL.md instructs the agent to ask the user for an OpenMail API key and write it to ~/.openclaw/openmail.env (then source it). That is expected for a CLI wrapper but means a plaintext API key file will be created in the user's home directory — the file location and the practice of sourcing it are explicit and should be reviewed for appropriate file permissions. The skill also documents cron-based polling and autonomous reply modes; these grant the agent the ability to perform background actions if the user asks to enable them.
Install Mechanism
Install uses npm to install @openmail/cli and creates the 'openmail' binary. npm is an expected mechanism for a Node CLI. No downloads from untrusted URLs or archive extraction steps are used.
Credentials
Only one credential (OPENMAIL_API_KEY) is declared as primary. The env vars the instructions write (OPENMAIL_API_KEY, OPENMAIL_INBOX_ID, OPENMAIL_ADDRESS) are appropriate for the stated functionality and nothing else is requested.
Persistence & Privilege
always is false (not force-included). The SKILL.md documents optional cron jobs and an autonomous 'full channel' mode for automated responses — these are user-configurable but increase the operational footprint if enabled. Consider whether you want the agent to set up background polling or autonomous replies before enabling.
Assessment
This skill appears to do what it says: it wraps an OpenMail service via a CLI and needs your OpenMail API key. Before installing/providing secrets, verify the npm package and publisher (look up @openmail/cli on the npm registry and confirm the homepage/owner match https://openmail.sh). If you proceed: (1) prefer creating a test key (om_test_...) rather than a production key while evaluating; (2) be aware the setup writes your API key in plaintext at ~/.openclaw/openmail.env — restrict file permissions (chmod 600) or keep it in a secure secret store if possible; (3) do not enable autonomous reply mode or cron polling unless you trust the service and want background activity; (4) review the npm package source if you can (to confirm no unexpected network endpoints or telemetry); (5) if you are uncomfortable with background jobs or giving an API key, do not provide the key or set disable-model-invocation/avoid scheduling cron jobs. If you want, I can fetch the npm package metadata or a link to the package page so you can inspect the publisher and version details.

Like a lobster shell, security has layers — review code before you run it.

latestvk977r44erfkzhnh58gfrcwjt3983kxv8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📬 Clawdis
Binsopenmail
Primary envOPENMAIL_API_KEY

Install

Install OpenMail CLI (npm)
Bins: openmail
npm i -g @openmail/cli

Comments