Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

☤CaduceusMail

v3.6.7

☤CaduceusMail lets your OpenClaw automate an enterprise-level communications stack with one domain/mailbox combo.

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (M365/Exchange + Cloudflare DNS mailbox/domain automation) maps directly to the env vars requested (ENTRA_* for Azure/Graph, EXCHANGE_*, ORGANIZATION_DOMAIN, CLOUDFLARE_*). Required binaries (bash, node, python3) are used by the wrapper for verification and to run the vendored CLI; jq is declared in metadata (and is harmless if present). The request for high-privilege secrets is proportional to the declared operations (Graph app roles, Exchange RBAC, DNS mutations).
Instruction Scope
SKILL.md instructs running the included run.sh wrapper which: verifies/extracts a vendored tarball, creates a private state directory, and execs the vendored node CLI with a sanitized environment (env -i + explicit allow-list). The wrapper intentionally forwards only a focused set of env vars (plus any CADUCEUSMAIL_/OPENCLAW_*/EMAIL_ALIAS_FABRIC_* vars). This grants the vendored CLI full access to the service credentials you provide (ENTRA_CLIENT_SECRET, CLOUDFLARE_API_TOKEN) — which is expected, but you should understand the node process receives these secrets at runtime. The SKILL.md also documents the security posture and the external-script-resolution opt-in flag.
Install Mechanism
There is no network install at runtime; the skill vendors a tarball and a release manifest. The wrapper verifies SHA-1 and a pinned sha512 integrity value, prevents path-traversal during extraction, and sets restrictive permissions. No downloads from untrusted URLs occur by default. The code performs an on-disk install under a user-local XDG_DATA_HOME path.
Credentials
The set of required environment variables corresponds directly to the Microsoft/Exchange and Cloudflare operations the tool performs. The skill legitimately needs an Entra/Azure client id/secret and a Cloudflare token/zone id. The wrapper does read and forward a handful of general host env vars (HOME, PATH, LANG, SSH_*, TMP*), but it uses env -i to avoid leaking the full host environment and forwards only explicitly enumerated values. The documentation explicitly recommends least-privilege service principals and limited Cloudflare tokens.
Persistence & Privilege
The skill is not always-enabled, model invocation is allowed (normal), and runtime state is confined to a skill-owned directory (~/.caduceusmail and XDG_DATA_HOME/toolchains) with owner-only permissions. The skill may perform high-privilege Cloud/M365 operations by design, but it does not request system-wide or other-skills credentials, nor does it modify other skills' configuration. External script resolution is opt-in (default off).
Assessment
This skill appears internally consistent with its stated purpose, but it will receive high-privilege credentials (Azure/Entra client secret and a Cloudflare token) which the vendored node CLI can use at runtime. Before installing or enabling:

  1. Verify you trust the vendored release artifact (review vendor/caduceusmail-3.6.7.tgz contents and the pinned repository/commit in vendor/caduceusmail-release.json).
  2. Use a dedicated least-privilege Entra service principal scoped only to the required Graph/Exchange roles and a Cloudflare token limited to the single zone.
  3. Keep CADUCEUSMAIL_ALLOW_EXTERNAL_SCRIPT_RESOLUTION unset (default 0) unless you explicitly need it.
  4. Consider running the wrapper's doctor command in a safe/test environment first to observe behavior.

If you cannot or do not want to trust the vendored CLI code, do not provide production credentials to this skill.


Runtime requirements

Clawdis
Bins: bash, node, python3, jq
Env: ENTRA_TENANT_ID, ENTRA_CLIENT_ID, ENTRA_CLIENT_SECRET, EXCHANGE_DEFAULT_MAILBOX, EXCHANGE_ORGANIZATION, ORGANIZATION_DOMAIN, CLOUDFLARE_API_TOKEN, CLOUDFLARE_ZONE_ID
latest: vk974hqsbk80q46xbb53xt34cnd82ghey
407 downloads
0 stars
10 versions
Updated 14h ago
v3.6.7
MIT-0

☤CaduceusMail 3.6.7

Inbox-reliability optimization engine: automates sender trust hardening, identity rotation, and scale-ready outreach/support flows designed to keep your mail out of junk.

☤CaduceusMail is a shippable skill for enterprise-grade alias/domain control on top of a single Microsoft 365 mailbox and Cloudflare DNS zone.

OpenClaw skill adapter for an audited caduceusmail release artifact vendored inside this skill. It manages M365 + Cloudflare mail/DNS without a runtime npm fetch.

What this does

This skill is a thin adapter around the standalone caduceusmail package. On first use the wrapper:

  1. Verifies the vendored tarball against a pinned SHA-512 integrity value in vendor/caduceusmail-release.json
  2. Extracts the audited release into a skill-owned cache under ~/.local/share/caduceusmail-skill/toolchains
  3. Runs the CLI with a reduced environment and owner-only permissions on runtime state directories

It does not fetch code from npm at runtime, install a global package, or execute npm lifecycle scripts.
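As an added illustration of the wrapper pattern the three steps above describe (this is not the skill's own run.sh, whose source is not shown here), the bash functions below check a tarball against a pinned sha512 value, refuse archive members that could escape the extraction directory, and launch a command under env -i with an explicit allow-list. The function names, the allow-list contents and the assumption that the manifest pins an npm-style "sha512-<base64>" integrity string are mine, not the project's.

```bash
#!/usr/bin/env bash
# Added example of the wrapper pattern described above; not the skill's own run.sh.
# Function names, allow-list contents and the manifest format are assumptions.
set -euo pipefail

# Compare a tarball against a pinned sha512 value. Accepts an SRI string
# ("sha512-<base64>", the npm lockfile form) or a bare hex digest.
# Returns 0 on match, non-zero on mismatch (fatal under set -e unless tested).
verify_tarball() {
  local tarball="$1" pinned="$2" actual
  case "$pinned" in
    sha512-*) actual="sha512-$(openssl dgst -sha512 -binary "$tarball" | base64 | tr -d '\n')" ;;
    *)        actual="$(sha512sum "$tarball" | cut -d' ' -f1)" ;;
  esac
  [ "$actual" = "$pinned" ]
}

# Refuse archives whose member names are absolute or contain "..", so that
# extraction cannot write outside the skill-owned cache directory. An archive
# that cannot be listed is rejected too, so a corrupt file never passes silently.
# (tar -tf lists names only; symlink targets would need a separate -tvf pass.)
check_tar_paths() {
  local listing entry
  listing="$(tar -tf "$1")" || return 1
  while IFS= read -r entry; do
    case "$entry" in
      /*|..|../*|*/..|*/../*) return 1 ;;
    esac
  done <<< "$listing"
  return 0
}

# Run a command under env -i, forwarding only enumerated variables plus any
# exported name with an allowed prefix; the rest of the host environment
# (unrelated tokens, other skills' secrets) is dropped.
ALLOWED_VARS="HOME LANG TERM ENTRA_TENANT_ID ENTRA_CLIENT_ID ENTRA_CLIENT_SECRET \
CLOUDFLARE_API_TOKEN CLOUDFLARE_ZONE_ID ORGANIZATION_DOMAIN"
ALLOWED_PREFIXES='^(CADUCEUSMAIL_|OPENCLAW_)'
run_sandboxed() {
  local name
  local -a pass=("PATH=${PATH:-/usr/bin:/bin}")   # PATH is always forwarded
  for name in $ALLOWED_VARS; do
    if [ -n "${!name+x}" ]; then pass+=("$name=${!name}"); fi
  done
  for name in $(compgen -e | grep -E "$ALLOWED_PREFIXES" || true); do
    pass+=("$name=${!name}")
  done
  env -i "${pass[@]}" "$@"
}
# Typical sequence (hypothetical paths): verify_tarball vendor/pkg.tgz "$(jq -r .integrity vendor/release.json)" \
#   && check_tar_paths vendor/pkg.tgz && run_sandboxed node cache/package/bin/cli.js doctor --json
```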

First move

Run the doctor through the secure wrapper before you do anything theatrical.

bash {baseDir}/scripts/run.sh doctor --json

Quick start

bash {baseDir}/scripts/run.sh bootstrap \
  --organization-domain "example.com" \
  --mailbox "ops@example.com" \
  --bootstrap-auth-mode device

Daily headless run after bootstrap

bash {baseDir}/scripts/run.sh bootstrap \
  --organization-domain "example.com" \
  --mailbox "ops@example.com" \
  --skip-m365-bootstrap

Lane operations

bash {baseDir}/scripts/run.sh provision-lane \
  --mailbox "ops@example.com" \
  --local "support" \
  --domain "support-reply.example.com"

bash {baseDir}/scripts/run.sh verify-lane \
  --mailbox "ops@example.com" \
  --alias-email "support@support-reply.example.com" \
  --domain "support-reply.example.com"

bash {baseDir}/scripts/run.sh retire-lane \
  --mailbox "ops@example.com" \
  --alias-email "support@support-reply.example.com"

Hard Rules

  • never send group emails from one operation
  • never send one message to multiple recipients at once
  • treat no-reply lanes as intentional non-receiving identities (no MX + SPF -all profile)
  • delete defaults are reply-safe: aliases are retired with fallback continuity unless explicitly hard-removed

What this skill can do

  • bootstrap Graph and Exchange auth posture
  • hand off Microsoft device-login flows for VPS/SSH setups through OpenClaw gateway/browser hooks
  • audit credential and DNS posture
  • optimize root mail records
  • provision reply and no-reply lanes under subdomains
  • verify lane readiness
  • retire lanes with reply continuity
  • generate awareness snapshots and machine-readable state artifacts

OpenClaw runtime pattern

Prefer secret injection through skills.entries.caduceusmail.env over editing files. See examples/openclaw.config.json5. The wrapper forwards only the CaduceusMail/OpenClaw/M365/Cloudflare variables it needs plus terminal/headless hints, so unrelated host secrets are not passed through by default. External script resolution stays disabled unless CADUCEUSMAIL_ALLOW_EXTERNAL_SCRIPT_RESOLUTION=1 is set explicitly.

Security and Privilege Disclosure

This skill performs high-privilege operations by design:

  • Microsoft Graph app role grants
  • Exchange service principal and RBAC role assignments
  • Exchange accepted-domain tuning (optional flags)
  • Cloudflare DNS mutations for lane records

Runtime state artifacts are written under ~/.caduceusmail/intel with owner-only permissions. Env/secret persistence remains opt-in in the underlying tool, and any persisted env file is expected to stay owner-readable only. Use least-privilege credentials: a dedicated Entra service principal scoped to the required Graph/Exchange roles and a Cloudflare token limited to the target zone's DNS permissions.
