← Back to Skills Marketplace
Resend Skills
by
Christina Martinez
· GitHub ↗
· v3.3.1
· MIT-0
2348
Downloads
3
Stars
5
Active Installs
8
Versions
Install in OpenClaw
/install resend-skills
Description
Use when working with the Resend email API — sending transactional emails (single or batch), receiving inbound emails via webhooks, managing email templates,...
Usage Guidance
This package appears to be a documentation-heavy Resend integration and legitimately needs your RESEND_API_KEY (and optionally the webhook signing secret). Before installing: 1) verify the skill's source (the registry metadata lists 'unknown' but the SKILL.md references resend.com and a GitHub repo) — prefer skills published by the official vendor; 2) confirm your platform will provide the Node SDK or add an explicit install step (npm install resend) — right now there's no install spec; 3) treat RESEND_API_KEY and RESEND_WEBHOOK_SECRET as sensitive: do not paste them into code that logs them (some examples print created tokens to console); 4) because the skill can be invoked autonomously and will have access to your API key if you provide it, consider granting a scoped sending-only API key (if Resend supports it) rather than a full-access key; 5) ask the publisher to fix the registry metadata to declare required env vars and provide an install spec or host the skill from the official repo. These fixes would change the assessment to benign if they match the embedded SKILL.md and the publisher identity is verified.
Capability Analysis
Type: OpenClaw Skill
Name: resend-skills
Version: 3.3.1
The Resend skill bundle is a comprehensive and well-documented integration for the Resend email API. It provides extensive guidance and code examples for Node.js, Python, and other languages covering email delivery, template management, webhooks, and domain verification. The instructions in SKILL.md and the reference files focus on production best practices, such as using idempotency keys to prevent duplicate sends and mandatory webhook signature verification to prevent spoofing. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; in fact, the documentation explicitly warns about security risks when processing untrusted email content and recommends additional security skills.
Capability Tags
Capability Assessment
Purpose & Capability
Name, description, and included docs/code consistently implement Resend API functionality (sending, webhooks, templates, logs, etc.). The SKILL.md declares RESEND_API_KEY (required) and RESEND_WEBHOOK_SECRET (optional) which are appropriate for this purpose. However, the registry-level metadata claims no required env vars / no homepage / unknown source while the embedded SKILL.md and file manifest reference an upstream source and require credentials — this mismatch is an incoherence.
Instruction Scope
SKILL.md instructions and examples stay within Resend API scope (send emails, verify webhooks, manage templates, etc.). The instructions reference only RESEND_API_KEY and RESEND_WEBHOOK_SECRET and standard SDK calls; there are no instructions to read unrelated system files or exfiltrate arbitrary data. Examples do print tokens/secrets to console in docs (e.g., showing created API key or signing_secret), which is a potential accidental-leak risk if users copy example code into production without securing logs.
Install Mechanism
There is no install spec even though code examples (and fetch-all-templates.mjs) require the 'resend' npm package (comment: 'Requires: npm install resend'). The skill will likely need the Resend SDK at runtime but does not declare installation steps; absence of an install spec means the agent/platform needs to provide the SDK or the examples will fail. This mismatch is a packaging/operational risk (not inherently malicious) and should be clarified.
Credentials
The SKILL.md rightly requires RESEND_API_KEY (and optionally RESEND_WEBHOOK_SECRET) which are proportional to the stated capabilities. The problem: the registry metadata listed no required env vars/primary credential — a discrepancy that could lead users to install the skill without realizing it needs sensitive credentials. Also some example snippets show printing tokens/signing secrets to stdout; copying those examples verbatim could leak secrets to logs.
Persistence & Privilege
The skill is not marked always:true and does not request system config paths or modify other skills. Autonomous invocation is allowed (platform default) but not combined with other high-risk privileges here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install resend-skills - After installation, invoke the skill by name or use
/resend-skills - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.3.1
Add support for automations and events
Add support for logs
Move evals out of the skills folder
v2.7.0
- Introduced new `templates` sub-skill for managing email templates via API.
- Expanded SKILL.md documentation to include usage and routing details for template management.
- Added files for template management workflows and testing: templates/SKILL.md, templates/fetch-all-templates.mjs, templates/reference.md, tests/templates.test.md.
- Recommend Tailscale Funnels for webhook tunneling.
v2.5.0
- Bumped skill version from 2.4.0 to 2.5.0 in metadata.
- In the last update (which we didn't publish here), we also updated the language in the tests to not sound like it's a prompt injection. That language was causing this package to be marked as suspicious. We're hoping this clears it up!
v2.4.0
Resend skill v2.4.0 includes sub-skill improvements, security clarifications, and new test coverage.
- Added new sub-skill: `agent-email-inbox`, replacing `moltbot` for AI/automated inbox workflows with enhanced security notes.
- Updated skill metadata: explicit API inputs (`RESEND_API_KEY`, `RESEND_WEBHOOK_SECRET`), homepage and source links.
- Clarified use cases and security for systems processing untrusted emails.
- Added guidance for marketing/broadcast emails.
- New test files added: coverage for sending, receiving, routing, and agent inbox workflows.
v2.2.0
- Improved guidance on using webhooks to notify our clawed friends on email receipt.
v2.0.1
- Improved webhook setup instructions
- Bumped skill version from 2.0.0 to 2.1.0 in metadata.
v2.0.0
Big update: Added support for AI agent email inboxes via a new sub-skill.
- Introduced the `agent-email-inbox` sub-skill for setting up email inboxes for AI agents.
- Expanded sub-skills table and quick routing section to include AI agent inbox setup and security features.
- Provided instructions for webhook setup (including local development via tunneling) and security measures to prevent prompt injection.
- Version updated from 1.1.0 to 2.0.0.
v1.1.0
- Initial release of resend-skills v1.0.0.
- Offers routing to sub-skills for sending (send-email) and receiving (resend-inbound) emails using the Resend platform.
- Provides setup guidance for API keys and SDK installation.
- Includes documentation links and quick-use scenarios for each email function.
Metadata
Frequently Asked Questions
What is Resend Skills?
Use when working with the Resend email API — sending transactional emails (single or batch), receiving inbound emails via webhooks, managing email templates,... It is an AI Agent Skill for Claude Code / OpenClaw, with 2348 downloads so far.
How do I install Resend Skills?
Run "/install resend-skills" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Resend Skills free?
Yes, Resend Skills is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Resend Skills support?
Resend Skills is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Resend Skills?
It is built and maintained by Christina Martinez (@christina-de-martinez); the current version is v3.3.1.
More Skills