Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Email Smart Reply (AI-Powered)

v1.0.0

AI-powered email reply generation for B2B sales. Analyzes incoming emails to detect intent (inquiry, delivery chase, complaint, technical question, partnersh...

by Jaden's built a claw @cjboy007

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for cjboy007/email-smart-reply.

Install the skill "Email Smart Reply (AI-Powered)" (cjboy007/email-smart-reply) from ClawHub.
Skill page: https://clawhub.ai/cjboy007/email-smart-reply
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

openclaw skills install email-smart-reply

ClawHub CLI

npx clawhub@latest install email-smart-reply

Security Scan

VirusTotal: Pending
OpenClaw: Suspicious (high confidence)

Purpose & Capability
Functionality (IMAP fetch → intent classification → KB retrieval → reply generation → Discord review → SMTP send) is coherent with an 'Email Smart Reply' skill. The code references exactly the expected pieces (IMAP, OpenRouter LLM, LanceDB/Obsidian KB, Discord bot, SMTP). However the registry metadata declares no required environment variables or credentials while the code clearly requires multiple secrets and access to other workspace skills and filesystem paths—this is an important mismatch.
! Instruction Scope
SKILL.md & scripts instruct the agent to read workspace-level .env files, access $WORKSPACE/skills/imap-smtp-email/, scan an Obsidian vault, call external APIs (OpenRouter), push messages to Discord, and invoke external scripts (python search script under vector_store). The code also performs file writes (drafts, reviews-pending) and executes child processes (execSync/execFile). These actions go beyond a simple classifier/generator and require access to email credentials, bot tokens, and local KB — the instructions lack an explicit declaration of these runtime dependencies and the skill will access cross-skill directories which may contain sensitive data.
Install Mechanism
No install spec (instruction-only with included JS files). That lowers installation risk because nothing is automatically downloaded. However included code invokes other local scripts (Python search script) and expects other workspace components; those external scripts will be executed at runtime (execSync/execFile), so risk comes from runtime execution rather than an installer.
! Credentials
The skill's manifest lists no required env vars, but the code expects and reads multiple sensitive environment variables and paths: OPENROUTER_API_KEY (OpenRouter LLM), DISCORD_BOT_TOKEN, IMAP_USER/IMAP_PASS/IMAP_HOST/IMAP_PORT/IMAP_TLS, VECTOR_STORE_PATH or PYTHON_PATH, KB_PATH, DRAFTS_DIR and a root .env. It also expects access to another skill's directory ($WORKSPACE/skills/imap-smtp-email) and vector_store scripts. Requesting these secrets would be proportionate for the stated functionality, but the metadata omission is an incoherence and increases risk because the installer/registry entry does not warn the user; cross-skill filesystem access (reading/writing drafts in another skill) is particularly noteworthy.
Persistence & Privilege
The skill is not marked 'always: true' and does not request elevated agent-wide privileges. It does create and modify files within its own and other workspace directories (drafts, reviews-pending) and sets timeouts for in-process timers. It also calls out to other skill directories ($WORKSPACE/skills/imap-smtp-email/) and thus may modify or create drafts that another skill expects to own — this cross-skill file modification is a privilege/footprint the user should be aware of.
What to consider before installing
What to check before installing or running this skill:

  1. Credentials and metadata mismatch: The registry lists no required environment variables, but the code clearly needs IMAP/SMTP credentials, OPENROUTER_API_KEY, and a Discord bot token. Do not provide these secrets until you inspect and trust the code. Update the registry metadata to list required env vars before running in production.
  2. Run in dry-run / isolated environment first: Use the provided --dry-run mode and run the integration test in a sandbox or throwaway VM to verify behavior. Dry-run prints embeds instead of sending but still reads .env and local files — run on a machine that does not contain production secrets.
  3. Inspect and harden .env and workspace paths: The scripts read a root .env and expect access to $WORKSPACE/skills/imap-smtp-email/ and a vector_store directory. Ensure those paths do not contain unrelated credentials or secrets you don't want this skill to access. Consider running the skill in a dedicated workspace with only the minimal KB and test mailboxes.
  4. Child-process and external script execution: kb-retrieval uses execSync to call a python script in vector_store; discord-review uses execFile to invoke an SMTP node script. Confirm the existence and contents of those external scripts (they will execute with your environment and could run arbitrary code). If you cannot verify them, do not run the live pipeline.
  5. Missing referenced files: The code attempts to call a scripts/smtp.js (via execFile) and references $WORKSPACE/skills/imap-smtp-email/drafts/ and vector_store/search-customers.py; verify those files exist and are safe. If files are missing it may crash or fall back to other behaviors.
  6. Limit service permissions: If you run it, give the process least privilege: a dedicated mailbox account with minimal permissions, a Discord bot with access only to the review channel, and an OpenRouter key with appropriate billing/usage controls. Avoid using admin accounts or shared credentials.
  7. Code review checklist: confirm that OpenRouter API key is used only for classification/reply generation, that the skill does not exfiltrate data to unknown endpoints, and that Discord messages are posted only to the configured channel. Check calls to fetch() and child_process usages for unexpected endpoints or command injection vectors.
  8. Operational suggestions: Pin dependencies, run static code analysis, and consider wrapping the skill in a supervised service that enforces timeouts and logs network calls. Only enable automatic or cron-driven runs after a successful dry-run audit and after limiting the credentials to a test account.
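
The mismatch between declared and actually used environment variables can be checked mechanically before any secrets are supplied. The following is an added example, not part of the skill or of the ClawHub scanner: it extracts process.env references from source text and reports those missing from a manifest's declared list. The function names, the `declared` parameter and the sample sources are constructed for illustration.

```javascript
// Added example: find env vars that code reads but the manifest does not declare.
// Sample sources are constructed; they are not the skill's real files.

// process.env.NAME, process.env['NAME'] and process.env["NAME"]
const ENV_REF = /process\.env(?:\.([A-Za-z_]\w*)|\[\s*['"]([^'"]+)['"]\s*\])/g;
// Destructuring: const { A, B: alias, C = 'x' } = process.env
const ENV_DESTRUCTURE = /\{([^}]*)\}\s*=\s*process\.env(?![\w.\[])/g;

function envVarsReferenced(source) {
  const names = new Set();
  for (const m of source.matchAll(ENV_REF)) names.add(m[1] || m[2]);
  for (const m of source.matchAll(ENV_DESTRUCTURE)) {
    for (const part of m[1].split(',')) {
      const name = part.split(/[:=]/)[0].trim();
      if (name && !name.startsWith('...')) names.add(name);
    }
  }
  return names;
}

// files: { path: sourceText }; declared: names listed in the registry metadata.
// Returns { VAR_NAME: [paths that read it] } for every undeclared variable.
function auditEnvDeclarations(files, declared) {
  const declaredSet = new Set(declared);
  const undeclared = Object.create(null);
  for (const [path, source] of Object.entries(files)) {
    for (const name of envVarsReferenced(source)) {
      if (declaredSet.has(name)) continue;
      (undeclared[name] = undeclared[name] || []).push(path);
    }
  }
  return undeclared;
}

// Constructed input using variable names the scan lists.
const sampleFiles = {
  'scripts/reply-generation.js':
    "const key = process.env.OPENROUTER_API_KEY;\n" +
    "const dir = process.env['DRAFTS_DIR'] || './drafts';",
  'scripts/discord-review.js':
    'const { DISCORD_BOT_TOKEN, IMAP_USER: user } = process.env;',
};

// The registry entry declares no variables, so every reference is reported.
console.log(auditEnvDeclarations(sampleFiles, []));
```

Dynamic lookups such as process.env[name] and values read from a .env file by another module are not caught by pattern matching, so an empty report is a starting point for review and not a clean bill.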
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

  • scripts/discord-review.js:197: Shell command execution detected (child_process).
  • scripts/kb-retrieval.js:29: Shell command execution detected (child_process).
  • scripts/integration-test.js:57: Environment variable access combined with network send.
  • scripts/intent-recognition.js:117: Environment variable access combined with network send.
  • scripts/reply-generation.js:24: Environment variable access combined with network send.
  • ! scripts/integration-test.js:255: File read combined with network send (possible exfiltration).
  • ! scripts/intent-recognition.js:20: File read combined with network send (possible exfiltration).
  • ! scripts/reply-generation.js:145: File read combined with network send (possible exfiltration).

Like a lobster shell, security has layers — review code before you run it.

latest vk972vtzcwqn2sbwjzrd50xfk3583q75n
87 downloads
0 stars
1 versions
Updated 1mo ago
v1.0.0
MIT-0

email-smart-reply

Category: Email Automation
Status: Production-Ready
Version: 1.0.0
Created: 2026-03-24
Maintainer: WILSON + IRON


Description

Intelligent email auto-reply pipeline for B2B sales. Automatically classifies incoming emails by intent, retrieves relevant knowledge from your knowledge base, generates personalized reply drafts, and routes them through a Discord-based human review workflow before sending.

Pipeline: IMAP fetch → Intent Recognition → KB Retrieval → Reply Generation → Discord Review → SMTP Send

This skill is designed for B2B electronics manufacturing email workflows. It understands product lines (HDMI/DP/USB/LAN cables), customer intent categories specific to electronics manufacturing, and integrates with CRM data.


Core Modules

| File | Purpose |
| --- | --- |
| scripts/intent-recognition.js | Classifies email intent via LLM (OpenRouter) with keyword fallback |
| scripts/kb-retrieval.js | Retrieves relevant knowledge from LanceDB + Obsidian vault |
| scripts/reply-generation.js | Generates personalized reply drafts using templates + KB context |
| scripts/discord-review.js | Pushes drafts to Discord for human approval before sending |
| scripts/integration-test.js | End-to-end pipeline test with --dry-run mode |
| config/intent-schema.json | Defines 6 intent categories with thresholds and behaviors |
| config/discord-config.json | Discord bot token and channel configuration |

Intent Categories

Defined in config/intent-schema.json:

| ID | English | Chinese | Priority | Auto-Draft | Fallback |
| --- | --- | --- | --- | --- | --- |
| inquiry | Product Inquiry | 产品询价 | high | | manual_review |
| delivery-chase | Delivery Follow-up | 交期催促 | high | | manual_review |
| complaint | Customer Complaint | 客户投诉 | urgent | | escalate_to_human |
| technical | Technical Support | 技术支持 | medium | | manual_review |
| partnership | Partnership/Collaboration | 合作意向 | high | | manual_review |
| spam | Spam/Promotional | 垃圾邮件 | low | | ignore |

Confidence threshold: 0.75 (below this → needs_manual = true, no auto-draft sent)


Usage

Run Full Pipeline (Dry Run)

cd $WORKSPACE/skills/email-smart-reply/scripts
node integration-test.js --dry-run --limit 5

Run Full Pipeline (Live - sends to Discord review)

node integration-test.js --limit 10

Intent Recognition Only

const { recognizeIntent } = require('./scripts/intent-recognition');
const result = await recognizeIntent(emailText);
// Returns: { intent, confidence, method: 'llm'|'keyword' }

KB Retrieval Only

const { retrieveKB } = require('./scripts/kb-retrieval');
const results = await retrieveKB({ intent, emailText });
// Returns: { found, results: [{source, content}], queries }

Generate Reply Draft

const { generateReply } = require('./scripts/reply-generation');
const draft = await generateReply({ email, intentResult, kbResults });
// Returns: { draft_id, subject, body, needs_manual, reason } or null
// Draft saved to: $WORKSPACE/skills/imap-smtp-email/drafts/

Push to Discord Review

const { pushToDiscordReview } = require('./scripts/discord-review');
await pushToDiscordReview({ draft, email, intentResult });
// Sends embed with Approve/Edit/Discard buttons to #email-review channel

Discord Review CLI (manual actions)

node scripts/discord-review.js test          # Send test embed
node scripts/discord-review.js approve <draft_id>
node scripts/discord-review.js discard <draft_id>

Draft ID Format

DRAFT-{timestamp}-{3-letter-prefix}

| Intent | Prefix |
| --- | --- |
| inquiry | INQ |
| delivery-chase | DEL |
| complaint | COM |
| technical | TEC |
| partnership | PAR |
| spam | (filtered, no draft) |

Dependencies

External Services

  • IMAP/SMTP: Configured email account via enterprise mail provider
  • OpenRouter API: LLM intent classification (API key in .env)
  • Discord Bot: Token + channel (configured in config/discord-config.json)

Local Skills/Tools

  • $WORKSPACE/skills/imap-smtp-email/ — IMAP/SMTP transport layer
  • $WORKSPACE/vector_store/okki_vector_search_v3.py — LanceDB vector search
  • $KB_PATH — Product knowledge base (Obsidian vault)

Node.js Packages

  • imap / nodemailer — email transport (inherited from imap-smtp-email skill)
  • node-fetch — OpenRouter API calls
  • discord.js — Discord bot integration

Configuration

config/intent-schema.json

  • Intent definitions, keywords (EN + ZH), confidence thresholds
  • Fallback behaviors per intent type
  • Global settings (multi-intent handling, language detection)

config/discord-config.json

  • bot_token: Discord bot token
  • channel_id: Target channel for review embeds (<your-discord-channel-id>)
  • review_timeout_minutes: Auto-discard timeout (default: 30)

Safety Guarantees

  1. No blind sending: All drafts require human approval via Discord before SMTP send
  2. Low confidence → manual: Confidence < 0.75 sets needs_manual=true, skips Discord push, queues for manual review
  3. Complaint escalation: Complaint intent never auto-drafts; always escalates to human
  4. Spam filtering: Spam intent immediately discarded, no draft created
  5. Dry-run mode: --dry-run flag for safe testing without real sends or Discord posts
  6. Fallback degradation: LLM unavailable → keyword matching; IMAP unavailable → sample emails
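
The guarantees above, written as explicit fail-closed checks. This is an added example, not the skill's own code: the function names, the review record fields (status, pushedAtMs, decidedAtMs) and the order in which the checks run are assumptions; the 0.75 threshold, the intent names, the prefixes and the 30-minute default come from this document.

```javascript
// Added example: the documented safety gates as fail-closed routing and send checks.
// Names and record shapes are hypothetical; values come from the skill's documentation.
const CONFIDENCE_THRESHOLD = 0.75;
const PREFIX = { inquiry: 'INQ', 'delivery-chase': 'DEL', complaint: 'COM',
                 technical: 'TEC', partnership: 'PAR' };

// Decide what happens to a classified email. Anything unexpected goes to a human.
function routeEmail({ intent, confidence }) {
  if (intent === 'spam') return { action: 'discard' };                // no draft created
  if (intent === 'complaint') return { action: 'escalate_to_human' }; // never auto-drafts
  const known = Object.prototype.hasOwnProperty.call(PREFIX, intent);
  const valid = typeof confidence === 'number' && confidence >= 0 && confidence <= 1;
  if (!known || !valid || confidence < CONFIDENCE_THRESHOLD) {
    return { action: 'manual_queue', needs_manual: true };            // skips Discord push
  }
  return { action: 'discord_review', needs_manual: false, prefix: PREFIX[intent] };
}

// SMTP send is allowed only for an explicit approval made inside the review window.
function maySend(review, nowMs, timeoutMinutes = 30) {
  if (!review || review.status !== 'approved') return false;
  if (!Number.isFinite(review.pushedAtMs) || !Number.isFinite(review.decidedAtMs)) return false;
  const ageMs = review.decidedAtMs - review.pushedAtMs;
  return ageMs >= 0 && ageMs <= timeoutMinutes * 60000 && review.decidedAtMs <= nowMs;
}

// Constructed sample classifications, including a keyword-fallback score and bad input.
const samples = [
  { intent: 'inquiry', confidence: 0.91 },
  { intent: 'inquiry', confidence: 0.5 },   // typical keyword-fallback confidence
  { intent: 'complaint', confidence: 0.98 },
  { intent: 'refund', confidence: 0.99 },   // intent not in the schema
  { intent: 'technical', confidence: NaN }, // malformed classifier output
];
for (const s of samples) console.log(s.intent, s.confidence, routeEmail(s).action);
```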

Development History

Task: task-001 | Phase: 1 | Iterations: 5 | Duration: ~2.5 hours

| Iteration | Agent | What Was Built |
| --- | --- | --- |
| 1 | IRON | Initial attempt (timed out at 300s — restructured to single-subtask iterations) |
| 2 | IRON | Steps 1-3: intent-schema.json, intent-recognition.js, kb-retrieval.js |
| 3 | IRON | Step 4: reply-generation.js (templates, escalation logic, draft file I/O) |
| 4 | IRON | Step 5: discord-review.js (Embed format, 3-button interaction, CLI fallback) |
| 5 | IRON | Step 6: integration-test.js (full pipeline, --dry-run, test-results/ output) |

Key Design Decisions:

  • Single-subtask-per-iteration strategy after initial timeout failure
  • LLM → keyword cascade for intent recognition robustness
  • Discord embed review (not email approval) for fast human-in-the-loop UX
  • needs_manual flag as primary safety gate (not confidence threshold alone)
  • Reviews stored locally in reviews-pending/ as fallback if Discord is unavailable

Known Limitations (Phase 1):

  • Integration tests use sample emails (real IMAP auth was unavailable in test env)
  • LLM intent classification falls back to keyword matching (confidence ~0.4–0.6)
  • Discord live push not tested in dry-run (separately verified in Iteration 4)

Phase 2 Roadmap

  1. Real IMAP testing — Run pipeline against actual incoming emails, measure intent accuracy
  2. LLM availability — Ensure OpenRouter API accessible in production
  3. Discord Bot permissions — Confirm bot has send access to #email-review channel
  4. Cron job — Schedule integration-test.js every 30 minutes via cron
  5. Manual queue monitoring — Alert when needs_manual backlog exceeds threshold

File Structure

email-smart-reply/
├── SKILL.md                    ← This file
├── README.md                   ← Quick start guide
├── scripts/
│   ├── intent-recognition.js   ← LLM + keyword intent classifier
│   ├── kb-retrieval.js         ← LanceDB + Obsidian knowledge retrieval
│   ├── reply-generation.js     ← Template-based reply drafts
│   ├── discord-review.js       ← Discord embed review workflow
│   └── integration-test.js     ← End-to-end pipeline runner
├── config/
│   ├── intent-schema.json      ← Intent categories and thresholds
│   └── discord-config.json     ← Discord bot configuration
└── drafts/                     ← Generated draft replies (gitignored)

Environment Variables

Create a .env file in the skill root:

# LLM API
OPENROUTER_API_KEY=your-openrouter-api-key

# Knowledge Base Path (e.g. Obsidian vault)
KB_PATH=/path/to/your/knowledge-base

# Draft output directory
DRAFTS_DIR=./drafts

# Discord Review (optional)
DISCORD_BOT_TOKEN=your-discord-bot-token
DISCORD_REVIEW_CHANNEL_ID=your-channel-id

# IMAP (to read incoming emails)
IMAP_HOST=imap.your-provider.com
IMAP_PORT=993
IMAP_USER=your@email.com
IMAP_PASS=your-password

Source

This skill is a packaged, documented, reusable version of the email automation pipeline.
