Resend Send Native Node

Send email via the Resend.com HTTPS API.

Native Node.js. Zero dependencies. One POST call for real sends. Small enough to audit directly.

When to use

Trigger phrases: "email me", "send an email", "mail this to", "send a notification", "email the report".

Use this when:

• The user wants to send an email fast, without Gmail OAuth or App Password pain
• Simple "fire and forget" sends (no inbox reading needed)
• The user has a Resend.com account (free tier: 3,000 emails/month)
• Weekly/report-style outbound messages where the body is generated from explicitly reviewed text

Do NOT use this when:

• The user wants to READ email (this is send-only)
• The user needs to send from a specific personal Gmail address (use a Gmail-specific skill)
• Sensitive business emails where provenance matters (Resend's default onboarding@resend.dev sender looks transactional)
• The recipient, sender, or final body has not been explicitly reviewed/approved for a real send

Safety policy for agents

This skill is send-only, but it is still externally mutating. For agent use:

1. Draft first. Generate or inspect the exact body text before sending.
2. Dry-run first. The script dry-runs by default; review the printed payload.
3. Explicit approval. Use --send only after the user explicitly approves that exact recipient, subject, and body.
4. Use an allowlist. Real sends fail closed unless RESEND_ALLOWED_TO=addr@example.com,other@example.com is set in the process environment for approved recipients.
5. No raw memory dumps. Email only curated report text, not unfiltered memory, transcripts, logs, or private workspace context.

How to run

The script is in scripts/send.mjs.

Basic:

node "<skill-dir>/scripts/send.mjs" --to "you@example.com" --subject "Hello" --body "Hi there"

Without --send, this prints a dry-run payload and does not send.

With from address override:

node "<skill-dir>/scripts/send.mjs" --from "OpenClaw <onboarding@resend.dev>" --to "you@example.com" --subject "Hello" --body "Hi"

HTML body:

node "<skill-dir>/scripts/send.mjs" --html --to "you@example.com" --subject "Styled" --body "<h1>Hi</h1><p>Hello</p>"

Dry run (no send, just print the payload):

node "<skill-dir>/scripts/send.mjs" --dry-run --to "you@example.com" --subject "Test" --body "..."

Real send (only after explicit approval):

node "<skill-dir>/scripts/send.mjs" --send --to "you@example.com" --subject "Weekly report" --body "Approved report text"

All flags

Flag	Required?	Purpose
--to	yes	Comma-separated recipient addresses
--subject	yes	Message subject
--body	yes	Inline message body
--cc	no	Comma-separated cc
--bcc	no	Comma-separated bcc
--from	no	Override sender, e.g. "OpenClaw <onboarding@resend.dev>"
--reply-to	no	Reply-to address
--html	no	Body is HTML instead of plain text
--dry-run	no	Don't send; print the JSON payload
--send	no	Actually send. Without this, the script dry-runs by default
-h, --help	no	Show help

--body-file is intentionally not supported in the public package. Review file contents yourself and pass approved text with --body.

Credentials

Requires process environment values:

• RESEND_API_KEY - starts with re_...
• RESEND_ALLOWED_TO - comma-separated recipient allowlist for real sends
• Real sends require RESEND_ALLOWED_TO; without it the script refuses --send

How to get one:

1. Sign up at https://resend.com (free - 3,000 emails/month)
2. Go to API Keys in the dashboard
3. Click Create API Key, name it, and choose the least-privilege sending permission available for your account
4. Copy the key

Export it in the runtime process environment:

$env:RESEND_API_KEY="<your-resend-key>"
$env:RESEND_ALLOWED_TO="you@example.com,reports@example.com"

Sender identity

By default, emails are sent from onboarding@resend.dev - Resend's default sender. This works immediately without any domain setup.

For a custom domain (later, optional):

1. Add your domain to Resend at https://resend.com/domains
2. Configure DNS records they provide
3. Use a verified sender with --from "Reports <reports@your-verified-domain.example>"

What this skill does

• Reads RESEND_API_KEY from the process environment only
• POSTs a JSON request to https://api.resend.com/emails
• Prints a one-line confirmation with the Resend message ID
• Defaults to dry-run unless --send is present
• Validates basic recipient address shape before sending
• Enforces RESEND_ALLOWED_TO for real sends; fail-closed if it is missing
• Prints body byte length and SHA-256 prefix in dry-run so reviewed content can be matched to the send

What this skill does NOT do

• Does not read or manage email (this is send-only)
• Does not read local files or support --body-file
• Does not write any files
• Does not make network calls other than to api.resend.com
• Does not auto-update
• Does not support attachments in this version

Output

On success:

sent to you@example.com (subject: Hello) - resend-id: c8f43f2a-...

On failure, clear error on stderr with a non-zero exit code.

Troubleshooting

• "RESEND_API_KEY not set" - get one at https://resend.com and export RESEND_API_KEY in the process environment
• HTTP 401 - API key is invalid or was revoked
• HTTP 403 - API key doesn't have send permission (check dashboard)
• HTTP 422 - the from address isn't verified on your Resend account (use onboarding@resend.dev or verify your own domain)
• HTTP 429 - rate limited (free tier: 100/day, 3,000/month)
• Network error - transient; retry

Free tier limits

• 3,000 emails/month
• 100 emails/day
• Sends from onboarding@resend.dev (no domain needed)
• For higher limits + custom domains, paid tiers start at $20/month