ClawHub

Sendgrid Skills

v1.2.2

SendGrid email platform integration for sending and receiving emails. Routes to sub-skills for outbound transactional emails (send-email) and receiving via I...

3· 2k·1 current·1 all-time
byVince Lozada@vince-winkintel
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (SendGrid send/receive) match the declared requirements: SENDGRID_API_KEY and binaries curl, jq, node. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and included scripts instruct the agent to run local helper scripts that send mail via the SendGrid API and validate inbound webhook/DNS configuration. The scripts accept file paths and webhook URLs and will make network requests (SendGrid API and optional webhook testing). The scripts include input validation (file-extension checks, directory-traversal checks, hostname/url regexes) and the README warns to review scripts before running.
Install Mechanism
Instruction-only skill (no install spec). Scripts are bundled in the repo and will not download arbitrary code; no remote installs or URLs are used. This is the lowest-risk install pattern.
Credentials
Only SENDGRID_API_KEY is required (SENDGRID_FROM is optional). That matches the skill purpose. The skill even recommends scoping the key to Mail Send permissions.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or global agent settings, and is user-invocable. Autonomous invocation is allowed (platform default) but not combined with other privilege escalations.
Assessment
This package appears coherent for integrating with SendGrid, but review and follow these precautions before installing or running anything: 1) Inspect the included scripts (they're present in the bundle) before executing them; they will read files you point them at and make network requests (to SendGrid and optional webhook URLs). 2) Use an API key with least privilege (Mail Send only) and avoid using long-lived high-privilege keys in shared environments. 3) When verifying inbound webhooks, test against non-production endpoints first — the verify script will POST to whatever HTTPS webhook URL you provide (it has URL validation but still contacts external hosts). 4) Prefer using a dedicated subdomain and verified sender identities when sending/receiving emails. 5) If you plan to allow the agent to invoke this skill autonomously, be comfortable with the agent having the ability to call these scripts and send requests using your SENDGRID_API_KEY; otherwise keep invocation manual. If you want additional assurance, run the scripts in an isolated/test environment and rotate the API key after verification.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binscurl, jq, node
EnvSENDGRID_API_KEY
latestvk978ybcvzc90wsjry5j7kstvkx81wdfr
2kdownloads
3stars
5versions
Updated 1mo ago
v1.2.2
MIT-0
Vince Lozada@vince-winkintel
latest
Download

SendGrid

Overview

SendGrid is an email platform for developers. This skill routes to feature-specific sub-skills.

Sub-Skills

FeatureSkillUse When
Sending emailssend-emailTransactional emails, notifications, simple sends, dynamic templates
Receiving emailssendgrid-inboundInbound Parse Webhook, MX record setup, parsing incoming email

Common Setup

API Key

Store in environment variable:

export SENDGRID_API_KEY=SG.xxxxxxxxx

SDK Installation

See send-email skill for installation instructions across supported languages.

When to use SendGrid vs other services

What's your use case?
├─ Transactional emails (receipts, notifications, password resets)
│  └─ SendGrid (send-email) ✅
├─ Marketing campaigns / bulk email
│  └─ Consider SendGrid Marketing Campaigns (outside this skill)
├─ Receiving emails programmatically
│  └─ SendGrid Inbound Parse (sendgrid-inbound) ✅
└─ Simple SMTP relay
   └─ SendGrid SMTP (outside this skill)

Resources

Comments

Loading comments...