ClawHub

ProtonMail via Proton Mail Bridge

v1.0.1

ProtonMail integration via Proton Mail Bridge for reading and sending encrypted emails.

1· 729·0 current·0 all-time
byJim Staley, CISSP@rvacyber
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required env vars (PROTONMAIL_ACCOUNT, PROTONMAIL_BRIDGE_PASSWORD), dependencies (imap, nodemailer, mailparser) and the brew install of Proton Mail Bridge align with a skill that talks to a local IMAP/SMTP bridge. Nothing requested appears unrelated to reading/sending ProtonMail via Bridge.
Instruction Scope
SKILL.md keeps instructions scoped to installing/starting the Bridge, obtaining the Bridge-generated IMAP/SMTP credentials, adding them to OpenClaw config, and using the CLI/tool. It does instruct copying the skill into ~/.openclaw/skills and mentions that OpenClaw session logs may contain email text — a relevant privacy/security note. No instructions ask the agent to read unrelated system files or exfiltrate data, but the instructions do rely on storing credentials in an OpenClaw config file (see environment_proportionality).
Install Mechanism
Install spec is a Homebrew cask for the official Proton Mail Bridge — an expected, low-risk distribution method. The package also uses standard npm dependencies; the included install-skill script copies files into ~/.openclaw which is a normal local install step for skills.
Credentials
Requested environment variables are exactly the Bridge account and Bridge-generated password — appropriate and minimal for the stated functionality. However, SKILL.md suggests storing the Bridge password in ~/.openclaw/openclaw.json (plain JSON), which is sensitive. The project recommends chmod 600 and keychain/password manager, but users should treat that file and OpenClaw session logs as sensitive because they may contain email content.
Persistence & Privilege
Skill is not always:true and does not request system-wide elevated privileges. It installs into the user's OpenClaw skills directory and registers tools — expected for a skill. Autonomous invocation is allowed (platform default) but does not on its own increase concern given the limited, local-scope access.
Assessment
This skill appears to do what it says: it connects to a local Proton Mail Bridge using the Bridge-generated credentials. Before installing, consider the following: 1) Avoid storing the Bridge password in plain text if possible — prefer OS keychain/password manager or ensure ~/.openclaw/openclaw.json is strictly permissioned (chmod 600). 2) Be aware OpenClaw session logs/tool calls can contain email text; protect your workspace and access to your machine. 3) Verify you install Proton Mail Bridge from the official source (Homebrew cask or Proton's site). 4) Review the skill source if you want extra assurance (it uses local IMAP/SMTP only; no external endpoints). 5) Keep the skill and dependencies updated and audit npm dependencies periodically. Note: some documentation files mention TLS validation behavior; the code constrains Bridge hosts to localhost and uses plain localhost connections — this is expected for Bridge but is a local-only trust decision you should accept consciously.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🔐 Clawdis
EnvPROTONMAIL_ACCOUNT, PROTONMAIL_BRIDGE_PASSWORD

Install

Install Proton Mail Bridge (macOS)brew install proton-mail-bridge
latestvk9716838rqahqhsx2s9h8pwab18535s8
729downloads
1stars
4versions
Updated 2d ago
v1.0.1
MIT-0
Jim Staley, CISSP@rvacyber
latest
Download

RVA Cyber

ProtonMail Skill (v1.0.1)

Use ProtonMail for secure email via Proton Mail Bridge. Stable release — CLI tested against live Proton Mail Bridge.

Setup (once)

  1. Install Proton Mail Bridge:

    brew install --cask proton-mail-bridge

  2. Launch Bridge and sign in:

    • Open Proton Mail Bridge app
    • Sign in with your ProtonMail credentials
    • Bridge will generate local IMAP/SMTP credentials

  3. Configure the skill: Add to your OpenClaw config (~/.openclaw/openclaw.json):

    {
  "skills": {
    "entries": {
      "protonmail": {
        "enabled": true,
        "env": {
          "PROTONMAIL_ACCOUNT": "your-email@pm.me",
          "PROTONMAIL_BRIDGE_PASSWORD": "bridge-generated-password"
        }
      }
    }
  }
}

    Get Bridge credentials:

    • In Bridge, click your account → Mailbox configuration
    • Copy the IMAP password (NOT your ProtonMail password)
    • Use skills.entries.protonmail (not skills.protonmail)

CLI Usage

The skill provides a protonmail CLI tool:

# List inbox (most recent 10 emails)
protonmail list-inbox --limit=10 [--unread]

# Search emails
protonmail search "from:alice@example.com" --limit=20

# Read specific email
protonmail read <uid>

# Send email
protonmail send --to=bob@example.com --subject="Meeting" --body="See you at 3pm"

# Reply to email
protonmail reply <uid> --body="Sounds good!"

Common Requests

  • List inbox: "Check my ProtonMail inbox"
  • Search emails: "Search ProtonMail for emails from alice@example.com"
  • Read email: "Read ProtonMail email UID 31"
  • Send email: "Send an email via ProtonMail to bob@example.com about the project"
  • Reply: "Reply to ProtonMail email UID 31"

How It Works

  1. Proton Mail Bridge runs locally and connects to your ProtonMail account
  2. Bridge provides local IMAP (read) and SMTP (send) servers
  3. This skill connects to Bridge's local servers
  4. All encryption/decryption happens locally via Bridge
  5. No third-party services — direct ProtonMail integration

Security

  • ✅ Official Proton software (audited, open-source Bridge)
  • ✅ End-to-end encryption maintained
  • ✅ Credentials stored locally only
  • ✅ No API keys or tokens — uses standard IMAP/SMTP
  • ✅ Bridge password is separate from your ProtonMail password

Troubleshooting

"Connection refused" errors

  • Check Bridge is running: Open Proton Mail Bridge app
  • Verify ports: Bridge should show 127.0.0.1:1143 (IMAP) and 127.0.0.1:1025 (SMTP)

"Authentication failed"

  • Use Bridge password, not ProtonMail password: Get it from Bridge → Account → Mailbox configuration
  • Check account email: Must match exactly (e.g., user@pm.me or user@protonmail.com)

"Skill not found"

  • Reinstall skill: Run npm run install-skill in the skill directory
  • Check OpenClaw config: Ensure skills.protonmail.enabled: true

Development

See README.md for development setup and testing.

License

MIT — See LICENSE

Comments

Loading comments...