AgentMail MCP CLI
Pass. Audited by ClawScan on May 10, 2026.
Overview
The skill matches its AgentMail email-management purpose, but it needs your AgentMail API key, can send/delete email resources, and depends on an external npm CLI not included in the review.
Install this only if you trust AgentMail and the openclaw-agentmail-cli npm package. Use a dedicated AgentMail inbox and API key where possible, prefer the AGENTMAIL_API_KEY environment variable over command-line key arguments, and require explicit approval before the agent sends, forwards, replies to all, changes labels, or deletes inboxes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used without careful review, the agent could send, forward, reply-all, relabel, or delete AgentMail email resources.
The CLI exposes email-sending and destructive inbox-management actions. These are expected for an email-management skill, but they can affect external recipients or remove account resources.
`messages send <inbox-id>` | Send new email ... `messages reply <inbox-id> <msg-id>` | Reply to email ... `messages forward <inbox-id> <msg-id>` | Forward email ... `inboxes delete <id>` | Delete inbox
Require explicit user confirmation before sending, forwarding, replying to all, changing labels, or deleting inboxes.
Anyone or any process with access to the API key may be able to use the AgentMail account according to that key's permissions.
The skill requires an AgentMail API key and also documents passing the key as a command-line argument. The credential is purpose-aligned, but it grants account access and CLI arguments can be easier to expose than environment variables.
export AGENTMAIL_API_KEY="your_api_key" ... agentmail --api-key "your_api_key" inboxes list
Use a dedicated, least-privileged AgentMail API key if available, prefer the environment variable method, avoid putting keys in command history, and revoke the key if it is exposed.
The installed npm CLI will handle your AgentMail key and email operations, but its implementation was not available in these artifacts.
Runtime behavior is delegated to an external npm package, while the provided artifact set contains only SKILL.md and no package source for review.
node | package: openclaw-agentmail-cli | creates binaries: agentmail
Install only if you trust the npm package and publisher; consider reviewing the linked repository/package contents before use.
The agent may read or handle private email messages and attachment details from AgentMail inboxes.
The skill can retrieve email thread contents and attachment information through the AgentMail provider. This is disclosed and purpose-aligned, but email content and attachments may be sensitive.
`threads get <inbox-id> <thread-id>` | Get thread with messages ... `attachments get <thread-id> <att-id>` | Get attachment
Use this with dedicated agent inboxes where possible, avoid exposing highly sensitive mail, and review any email or attachment content before forwarding or sharing it.
