Daily Email Summary
v1.0.0Fetches recent emails from Gmail and provides concise summaries. Use when the user wants to check emails, get email summaries, or review their inbox.
⭐ 1· 1.9k·5 current·5 all-time
by@bbdyno
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, required binary (python3), required env var (GMAIL_CREDENTIALS_PATH), included Python script, and listed Python dependencies all align with a Gmail-reading-and-summarization skill. The declared Gmail readonly scope (https://www.googleapis.com/auth/gmail.readonly) matches the stated purpose. Note: registry 'Source' is marked unknown and the homepage is a placeholder (github.com/yourusername/...), so provenance is not fully verified.
Instruction Scope
SKILL.md instructs the agent to verify GMAIL_CREDENTIALS_PATH, run scripts/fetch_emails.py, parse its JSON output, and summarize each email. The helper script only accesses the credentials path, performs OAuth, fetches unread messages, decodes bodies (truncated to 1000 chars), and returns JSON — consistent with the stated purpose. Important privacy note: email contents produced by the script are intended to be summarized by the agent/AI, which means your email text will be sent to OpenClaw's model/service for processing; SKILL.md and README mention this explicitly. The script does not reference or exfiltrate data to other endpoints.
Install Mechanism
This is instruction-only with bundled Python code and a requirements.txt listing standard google-auth/google-api packages. There is no remote download/install step, no URL shorteners, and no archive extraction. Installing the dependencies via pip is the only install action required — proportional to the task.
Credentials
Only GMAIL_CREDENTIALS_PATH is required. The script uses that env var and stores OAuth tokens as token.json next to the credentials file. The requested environment access (a path to OAuth client credentials) is appropriate and minimal for Gmail API access. The skill requests only the Gmail readonly scope, which is proportionate. No unrelated secrets or system-wide config paths are requested.
Persistence & Privilege
always is false and the skill does not request elevated or persistent platform privileges. The script writes token.json into the same directory as the credentials (expected behavior for OAuth flows). The skill does not modify other skills or global agent settings. The agent's ability to call the skill autonomously (disable-model-invocation=false) is the platform default and not sufficient alone to raise concern.
Assessment
This skill appears to do what it says: it reads Gmail (readonly), creates a local OAuth token file (token.json), and outputs message JSON for the agent to summarize. Before installing: ensure the GMAIL_CREDENTIALS_PATH points to a credentials JSON you created in your Google Cloud Console; be aware that the email text returned by the script will be sent to the agent/AI for summarization (privacy risk if emails contain sensitive data); verify the skill's repository/source if provenance matters (the listed homepage looks like a placeholder); install Python packages in a virtual environment; after use you can revoke the OAuth token/credentials in your Google account if needed. If you want absolute assurance, inspect scripts/fetch_emails.py locally (it is short and readable) and confirm it meets your policies before granting access.Like a lobster shell, security has layers — review code before you run it.
latestvk97531btxed1n4hg9dyvkr6mvh80c01n
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
OSmacOS · Linux · Windows
Binspython3
EnvGMAIL_CREDENTIALS_PATH