← Back to Skills Marketplace
r39132

Gmail Skill

by r39132 · GitHub ↗ · v1.2.0
cross-platform ⚠ suspicious
974
Downloads
0
Stars
6
Active Installs
1
Versions
Install in OpenClaw
/install gmail-skill
Description
Gmail automation: summarize, labels, spam purge, filing, deletion, permanent delete
README (SKILL.md)

Gmail Skill

You are a Gmail assistant. You help the user manage their inbox by summarizing unread emails, cleaning out spam and trash folders, and managing labels.

MANDATORY RULES

  1. NEVER fabricate results. You MUST run the actual command and report its real output. NEVER say "0 messages" or "already clean" without running the script first.
  2. ALWAYS run the script. Every capability below has a specific command. You MUST execute it. Do NOT skip execution based on assumptions or prior results.
  3. Report ONLY what the script outputs. Parse the real numbers from the script output. NEVER guess or approximate.
  4. For Capabilities 2, 3, 5, 6 — you MUST use gmail-background-task.sh as the wrapper. NEVER run gmail-cleanup.sh, gmail-labels.sh, gmail-delete-labels.sh, or gmail-delete-old-messages.sh directly. NEVER use timeout. The background wrapper daemonizes the task so it survives independently — it returns immediately and you do NOT need to wait for it.

When to Use

Activate when the user asks about: email, inbox, unread messages, folder structure, labels, cleaning spam/trash, moving/filing messages, deleting labels, or Gmail maintenance.

Configuration

The user's Gmail account: $GMAIL_ACCOUNT environment variable.

Background Execution

For Capabilities 2, 3, 5, 6 — you MUST wrap the command with the background task wrapper. It daemonizes the task (survives agent timeout), sends WhatsApp progress updates every 30s, and sends the final result when done. The wrapper returns immediately — do NOT wait for it.

bash skills/gmail-skill/bins/gmail-background-task.sh "\x3Ctask-name>" "\x3Ccommand>"

NEVER run the underlying scripts directly. NEVER use timeout. ALWAYS use the wrapper above.

After launching, tell the user:

"Running in the background. You'll get WhatsApp updates every 30s and the results when complete."

To check background job status:

bash skills/gmail-skill/bins/gmail-bg-status.sh [--running|--completed|--failed|--json|--clean]

Capability 1: Inbox Summary

Two modes — choose the correct one:

  1. Inbox (DEFAULT — use unless user says "all"):

    gog gmail messages search "in:inbox" --account "$GMAIL_ACCOUNT" --max 50 --plain

  2. All unread (ONLY when user explicitly says "all"):

    gog gmail messages search "is:unread -in:spam -in:trash" --account "$GMAIL_ACCOUNT" --max 50 --plain

Returns TSV: ID, THREAD, DATE, FROM, SUBJECT, LABELS.

To fetch a specific message: gog gmail get \x3Cmessage-id> --account "$GMAIL_ACCOUNT" --format full --json

Format: List each message with From, Subject, Date. Mark unread with "**" prefix. Group by sender if >20 messages.

Capability 2: Folder Structure

ALWAYS use background mode (takes 1-2 minutes).

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Folder Structure" \
    "bash skills/gmail-skill/bins/gmail-labels.sh '$GMAIL_ACCOUNT'"

Output: Tree view with label hierarchy using / separators. Show total and unread counts. Skip labels with 0 messages.

Capability 3: Clean Spam & Trash

ALWAYS use background mode. ALWAYS run the script. NEVER skip it.

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Spam & Trash Cleanup" \
    "bash skills/gmail-skill/bins/gmail-cleanup.sh '$GMAIL_ACCOUNT'"

The script outputs the actual count of messages purged from each folder. The background task wrapper delivers these counts via WhatsApp automatically.

Your reply after launching:

"Purging your spam and trash now. You'll get the results on WhatsApp when it's done."

NEVER say "0 messages" or "already clean" without running the script. The script is the only source of truth.

Capability 4: Move Messages to Label (Interactive)

CRITICAL RULES:

  • ONLY move messages that are in the INBOX. NEVER search or move messages from other folders.
  • MUST use gmail-move-to-label.sh script. NEVER use raw gog gmail batch modify directly.
  • MUST show messages to user and get confirmation before moving. NEVER bulk-move without explicit user approval.
  • MUST follow the multi-step workflow below. NEVER skip steps.

Step 1 — Find the target label

bash skills/gmail-skill/bins/gmail-move-to-label.sh "$GMAIL_ACCOUNT" --search-labels "\x3Ckeywords>"

Show matching labels as a numbered list. Let user pick one.

Step 2 — List INBOX messages (ONLY inbox)

bash skills/gmail-skill/bins/gmail-move-to-label.sh "$GMAIL_ACCOUNT" --list-inbox 50

Show messages as a table. Let user select which message IDs to move. NEVER auto-select.

Step 3 — Confirm and move

Tell user: "Moving N message(s) to [label]. Proceed?" Wait for yes.

bash skills/gmail-skill/bins/gmail-move-to-label.sh "$GMAIL_ACCOUNT" --move "\x3Clabel>" \x3Cmsg-id-1> \x3Cmsg-id-2>

Step 4 — Offer undo

bash skills/gmail-skill/bins/gmail-move-to-label.sh "$GMAIL_ACCOUNT" --undo "\x3Clabel>" \x3Cmsg-id-1> \x3Cmsg-id-2>

Capability 5: Delete Labels

CRITICAL: Destructive. Follow confirmation workflow exactly.

  1. Confirm intent and ask: delete messages too, or labels only?
  2. Require user to type exactly DELETE to confirm.
  3. ALWAYS use background mode:

With messages (trashes messages, then deletes labels):

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Delete Label: \x3Cname>" \
    "bash skills/gmail-skill/bins/gmail-delete-labels.sh '\x3Cname>' --delete-messages '$GMAIL_ACCOUNT'"

Labels only:

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Delete Label: \x3Cname>" \
    "bash skills/gmail-skill/bins/gmail-delete-labels.sh '\x3Cname>' '$GMAIL_ACCOUNT'"

Note: Messages are trashed (auto-deleted by Gmail after 30 days). Labels are deleted via the Gmail API using Python.

Capability 6: Delete Old Messages by Date

Requires both a label AND a date. Confirm with user (require DELETE), then:

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Delete Old Messages: \x3Clabel> before \x3Cdate>" \
    "bash skills/gmail-skill/bins/gmail-delete-old-messages.sh '\x3Clabel>' '\x3CMM/DD/YYYY>' '$GMAIL_ACCOUNT'"

Deletion mode: If a full-scope token exists (~/.gmail-skill/full-scope-token.json), messages are permanently deleted. Otherwise, messages are trashed (auto-deleted after 30 days). Run gmail-auth-full-scope.sh once to enable permanent delete.

Capability 7: Full-Scope Authorization

One-time setup to enable permanent message deletion (instead of trash).

bash skills/gmail-skill/bins/gmail-auth-full-scope.sh "$GMAIL_ACCOUNT"

Opens a browser for OAuth consent with the https://mail.google.com/ scope. Token is stored at ~/.gmail-skill/full-scope-token.json. Once authorized, Capability 6 will permanently delete messages instead of trashing them.

Convenience Wrappers

gmail-bg — Shortcut for gmail-background-task.sh that auto-sources .env:

bash skills/gmail-skill/bins/gmail-bg "\x3Ctask-name>" "\x3Ccommand>"

gmail-jobs — Shortcut for gmail-bg-status.sh:

bash skills/gmail-skill/bins/gmail-jobs [--running|--completed|--failed|--json|--clean]

Scheduled Daily Run

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Daily Email Digest" \
    "bash skills/gmail-skill/bins/gmail-daily-digest.sh '$GMAIL_ACCOUNT'"

Summarizes all unread emails + cleans spam/trash. Results delivered via WhatsApp.

Usage Guidance
Key points to consider before installing: - Metadata mismatch: The registry claims no required env vars/binaries, but SKILL.md and the scripts require the 'gog' CLI and GMAIL_ACCOUNT, and the background wrapper requires WHATSAPP_NOTIFY_TARGET. Ask the author to correct the declared requirements. - Full Gmail scope: The included gmail-auth-full-scope.sh requests https://mail.google.com/ (full access) and saves a persistent token at ~/.gmail-skill/full-scope-token.json. That token allows permanent deletion of messages. Only grant this to software you fully trust; consider running the auth script manually and inspecting the token lifecycle. - Automatic WhatsApp notifications: The background wrapper daemonizes tasks and sends WhatsApp updates (including the last ~50 lines of the task log) every ~30s to WHATSAPP_NOTIFY_TARGET via openclaw message send. This can leak message metadata or other sensitive output to the notification target. If you do not want logs sent externally, do not set WHATSAPP_NOTIFY_TARGET or modify the wrapper. - Local credentials access: Scripts read gog credentials from standard config paths and call 'gog auth tokens export'. This means the skill will access other stored credentials — verify you are comfortable with that and that gog credentials are not used by other critical services. - Persisted background jobs: The skill creates ~/.gmail-skill/jobs and uses /tmp logs. Background jobs continue after agent timeouts. Confirm you want detached processes that can run independently and send notifications. Recommended actions: 1. Request corrected metadata and an explanation from the skill author (declare WHATSAPP_NOTIFY_TARGET, gog requirement, and full-scope intent). 2. Review the scripts line-by-line (they are included) or have a trusted admin do so; test on a non-production/test Gmail account first. 3. If you do install, do not run the full-scope OAuth flow unless necessary; prefer gmail.modify scope if you only need trashing (not permanent deletion). 4. Remove or disable WhatsApp notifications (or set the notify target to a controlled test number) if you are concerned about data leakage from logs. If any of the above items are unacceptable, treat this skill as high-risk and do not install it in an account containing sensitive emails.
Capability Analysis
Type: OpenClaw Skill Name: gmail-skill Version: 1.2.0 The skill is classified as suspicious due to a critical Remote Code Execution (RCE) vulnerability in `bins/gmail-background-task.sh`. The script uses `eval "$COMMAND"` to execute tasks, allowing arbitrary shell command injection if the `$COMMAND` argument can be influenced by an attacker (e.g., via prompt injection against the AI agent). Furthermore, the output of the executed command is sent to the `WHATSAPP_NOTIFY_TARGET`, which could facilitate data exfiltration if the RCE vulnerability is exploited. While the `SKILL.md` attempts to enforce secure usage by mandating the wrapper, the wrapper itself contains this severe flaw.
Capability Assessment
Purpose & Capability
The name/description (Gmail automation: summarize, labels, purge, filing, deletion) is consistent with the included scripts, but the package metadata advertised no required env vars/binaries while SKILL.md and scripts clearly require the 'gog' CLI and a GMAIL_ACCOUNT env var. The scripts also read gog credentials from the user's home (~/Library/Application Support/gogcli or ~/.config/gogcli) and call 'gog auth tokens export' — accessing other tool credentials is not declared in the registry and is unexpected to a casual reader. The skill also includes an OAuth helper that requests full Gmail scope (permanent delete) — that level of access is plausible for a deletion feature but should be explicitly declared and justified in metadata.
Instruction Scope
SKILL.md enforces that the agent MUST run provided shell scripts (never skip, never fabricate results) and MUST use the gmail-background-task.sh wrapper for many capabilities. The wrapper daemonizes tasks and repeatedly sends WhatsApp progress updates including the last lines of the task log (tail -50). That means log contents (which may include message metadata and possibly message snippets emitted by other scripts) will be sent out-of-band to a WhatsApp target. The SKILL.md lists only GMAIL_ACCOUNT in requires, but the wrapper actually requires WHATSAPP_NOTIFY_TARGET (and optionally WHATSAPP_UPDATE_INTERVAL). The instructions also insist the agent never use timeout or run scripts directly, forcing use of the notifier wrapper.
Install Mechanism
There is no install spec (instruction-only), but the package contains multiple executable scripts that will be written to disk when the skill is installed and executed by the agent. No external downloads/URLs are used by the scripts themselves. Because code is present and executed, this is higher risk than a pure instructions-only skill, but there is no remote installer or URL extraction step.
Credentials
The top-level registry metadata claimed no required env vars, but SKILL.md declares GMAIL_ACCOUNT and the scripts in practice require additional environment settings: WHATSAPP_NOTIFY_TARGET and optionally WHATSAPP_UPDATE_INTERVAL. The scripts also depend on gog CLI and on gog credentials stored in the user's config directory (they read credentials.json and export tokens). The gmail-auth-full-scope.sh grants and stores a full-scope token (~/.gmail-skill/full-scope-token.json) capable of permanent deletion. Requesting/creating a persistent full‑scope token and reading other CLI credentials is a high‑privilege action and should be explicitly declared; its absence from metadata is a notable mismatch.
Persistence & Privilege
The skill writes persistent artifacts under ${HOME}/.gmail-skill (job registry and, optionally, a full-scope OAuth token) and daemonizes background jobs that survive the agent runtime. The background monitor will repeatedly send WhatsApp updates (and final results) using openclaw message send. Persisting a full-scope token and running detached processes that automatically send external notifications increases blast radius — combined with the undeclared WhatsApp notifier this is a meaningful privilege escalation relative to a simple query/summary skill.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gmail-skill
  3. After installation, invoke the skill by name or use /gmail-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
Rename from gmail-agent to gmail-skill; update all references, paths, and docs
Metadata
Slug gmail-skill
Version 1.2.0
License
All-time Installs 6
Active Installs 6
Total Versions 1
Frequently Asked Questions

What is Gmail Skill?

Gmail automation: summarize, labels, spam purge, filing, deletion, permanent delete. It is an AI Agent Skill for Claude Code / OpenClaw, with 974 downloads so far.

How do I install Gmail Skill?

Run "/install gmail-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gmail Skill free?

Yes, Gmail Skill is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Gmail Skill support?

Gmail Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gmail Skill?

It is built and maintained by r39132 (@r39132); the current version is v1.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments