ProtonMail via Proton Mail Bridge

Pass. Audited by ClawScan on May 10, 2026.

Overview

The skill appears purpose-aligned for connecting OpenClaw to ProtonMail through the local Proton Mail Bridge, but it can read and send email using your account.

Before installing, be comfortable with OpenClaw reading and sending ProtonMail messages through Bridge. Use the Bridge-generated password, keep your OpenClaw config and session logs private, review outgoing messages before they are sent, and verify the installed package includes the expected built CLI files.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent process with this configured credential can read mail and send mail through the configured ProtonMail account while Bridge is running.

Why it was flagged

The skill needs the user's Proton Mail Bridge account and generated Bridge password, which grants access to the mailbox through local IMAP/SMTP.

Skill content

"PROTONMAIL_ACCOUNT": "your-email@pm.me", "PROTONMAIL_BRIDGE_PASSWORD": "bridge-generated-password"

Recommendation

Use only the Bridge-generated password, protect ~/.openclaw/openclaw.json with restrictive permissions, and install only if you trust OpenClaw to access this mailbox.

What this means

If invoked incorrectly, the agent could send an unintended email or reply from the user's ProtonMail account.

Why it was flagged

The skill intentionally exposes email send and reply capabilities, which are account actions with external recipients.

Skill content

protonmail send --to=bob@example.com --subject="Meeting" --body="See you at 3pm"

Recommendation

Review recipient, subject, and body before allowing send/reply actions, and consider platform-level confirmation for outgoing mail.

What this means

Private email text may remain in local agent logs or session history after use.

Why it was flagged

Email content returned to the agent can persist in OpenClaw session transcripts even though the skill says it does not persistently store email itself.

Skill content

OpenClaw session logs may contain email text — treat session files as sensitive

Recommendation

Protect the OpenClaw workspace, limit who can read session files, and clear or archive sensitive sessions according to your privacy needs.

What this means

Installation may fail, or may require a build step or generated files that were not fully represented in the reviewed manifest.

Why it was flagged

The package references generated/runtime paths that are not present in the supplied file manifest, creating a packaging/provenance gap to verify before relying on the installed CLI.

Skill content

"main": "dist/index.js", "bin": { "protonmail": "bin/protonmail" }

Recommendation

Verify the installed package contains the expected dist and bin files, or build locally from the reviewed TypeScript source before use.