Email Header Analyser

v1.0.0

Analyzes email headers to extract authentication, routing, and security metadata for threat detection and email forensics.

⭐ 0· 111·0 current·0 all-time

byToolWeb@krishnakumarmahadevan-cmd

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for krishnakumarmahadevan-cmd/email-header-analyser.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Email Header Analyser" (krishnakumarmahadevan-cmd/email-header-analyser) from ClawHub.
Skill page: https://clawhub.ai/krishnakumarmahadevan-cmd/email-header-analyser
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install email-header-analyser

ClawHub CLI

Package manager switcher

npx clawhub@latest install email-header-analyser

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The SKILL.md and openapi describe an API-based email header analyzer and list external hostnames (api.mkkpro.com, toolweb.in). However the skill declares no servers in the OpenAPI, no install, and no required credentials. If this skill is expected to call a third‑party API, it should declare the server URL and any required API keys. The absence of those items is inconsistent with a hosted API integration.

Instruction Scope

The instructions describe accepting raw email headers and returning parsed forensic results. They do not instruct reading local files or env vars, which is good, but they implicitly direct the agent to use an external service (links and a Kong route are provided). That means sensitive email headers (containing IPs, addresses, possibly internal routing info) would be transmitted to the listed third parties. There is no privacy notice, no explicit consent step, and no guidance to avoid sending production-sensitive headers.

ℹ

Install Mechanism

This is an instruction-only skill with no install spec or code — lowest disk/write risk. However, because it appears to rely on an external API, the security surface is runtime network calls rather than local installation. That makes network destination and authentication the primary risk vectors.

Credentials

The skill lists pricing plans (Free/Developer/Professional/Enterprise) which implies an API that likely requires keys or an account, yet requires.env and primary credential are empty. This omission is disproportionate: a hosted API integration should declare required credentials or clearly document how authentication is handled. The mismatch makes it unclear whether the skill will prompt users for credentials or silently transmit data.

✓

Persistence & Privilege

always is false and there are no declared actions that modify other skills or system settings. The skill can be invoked autonomously by the agent (platform default), which increases risk only in combination with the other concerns above, but autonomy alone is not flagged.

What to consider before installing

This skill appears to be a thin API descriptor that points at third-party hosts (api.mkkpro.com, toolweb.in) but does not declare the server URL in OpenAPI or any required API keys. Before installing or using it: (1) confirm who operates the api.mkkpro.com/toolweb.in endpoints and read their privacy/security policy; (2) assume any header text you submit will be transmitted off‑host — email headers can contain PII and internal network information, so do not submit production or sensitive headers until you trust the endpoint; (3) ask the skill author to include the API server(s) in openapi.json, declare required credentials, and document how data is handled, retained, and protected; (4) if you need offline/local analysis, prefer a skill or tool that runs parsing code locally or provide your own self‑hosted endpoint; (5) test with synthetic headers first. If the author cannot provide clear hosting/authentication/privacy details, treat the skill as unsafe for sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97drznrmdf3yfzw7tqt82940983begk

111downloads

0stars

1versions

Updated 1mo ago

v1.0.0

MIT-0

Overview

The Email Header Analyser API provides deep inspection and forensic analysis of email message headers. Security professionals, incident responders, and email administrators use this tool to identify spoofing attempts, trace message routing, validate authentication protocols (SPF, DKIM, DMARC), and detect malicious headers.

Email headers contain critical metadata that reveals the true origin of messages, intermediate mail servers, and authentication status. This API parses raw headers and extracts actionable intelligence for phishing investigations, compliance audits, and email security operations.

Ideal users include SOC analysts, email security teams, incident response professionals, forensic investigators, and organizations requiring email authentication verification and threat intelligence capabilities.

Usage

Sample Request

{
  "header": "Received: from mail.example.com (mail.example.com [192.0.2.1]) by mx.targetdomain.com with SMTP id abc123; Wed, 15 Jan 2025 10:30:45 +0000\nFrom: sender@example.com\nTo: recipient@targetdomain.com\nSubject: Security Analysis\nAuthentication-Results: targetdomain.com; spf=pass smtp.mailfrom=sender@example.com; dkim=pass header.d=example.com; dmarc=pass\nReturn-Path: <sender@example.com>\nDate: Wed, 15 Jan 2025 10:30:45 +0000"
}

Sample Response

{
  "sender_ip": "192.0.2.1",
  "sender_domain": "mail.example.com",
  "from_address": "sender@example.com",
  "to_address": "recipient@targetdomain.com",
  "received_servers": [
    {
      "hostname": "mail.example.com",
      "ip": "192.0.2.1",
      "timestamp": "2025-01-15T10:30:45Z"
    },
    {
      "hostname": "mx.targetdomain.com",
      "ip": null,
      "timestamp": null
    }
  ],
  "authentication": {
    "spf": "pass",
    "dkim": "pass",
    "dmarc": "pass"
  },
  "subject": "Security Analysis",
  "date": "2025-01-15T10:30:45Z",
  "return_path": "sender@example.com",
  "suspicious_indicators": []
}

Endpoints

POST /analyze-header

Analyzes a raw email header to extract authentication, routing, and security metadata.

Method: POST
Path: /analyze-header

Request Parameters:

Parameter	Type	Required	Description
header	string	Yes	Raw email header text containing one or more Received headers, authentication headers, and message metadata.

Response Schema:

The response contains extracted header analysis including:

Field	Type	Description
sender_ip	string	IP address of the originating mail server.
sender_domain	string	Hostname of the originating mail server.
from_address	string	Email address in the From header.
to_address	string	Email address in the To header.
received_servers	array	List of mail servers in the routing path with hostname, IP, and timestamp.
authentication	object	Authentication protocol results (spf, dkim, dmarc status).
subject	string	Email subject line.
date	string	Message date in ISO 8601 format.
return_path	string	Return-Path header value.
suspicious_indicators	array	List of detected anomalies or security concerns.

Status Codes:

200: Successful analysis returned.
422: Validation error—header field missing or invalid.

Pricing

Plan	Calls/Day	Calls/Month	Price
Free	5	50	Free
Developer	20	500	$39/mo
Professional	200	5,000	$99/mo
Enterprise	100,000	1,000,000	$299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Kong Route: https://api.mkkpro.com/security/email-header-analyser
API Docs: https://api.mkkpro.com:8016/docs

Comments

Loading comments...