← Back to Skills Marketplace
364
Downloads
2
Stars
3
Active Installs
8
Versions
Install in OpenClaw
/install safe-email
Description
Privacy-first workflow for processing explicitly forwarded emails via IMAP in a dedicated inbox. Use only when the user explicitly asks to process the latest...
Usage Guidance
This skill appears to do what it says: it will connect to an IMAP mailbox (using himalaya and the provided IMAP username + app password) and read the newest forwarded message when you explicitly ask it to. Before installing: (1) Use a dedicated inbox (as recommended) so the app password only exposes that mailbox. (2) Provide the app password via your runtime secret store (do not embed it in the skill). (3) Be aware that the app password grants full mailbox access—rotate/delete it if you stop using the skill. (4) Confirm the agent enforces the explicit-trigger rule and that you are comfortable with the agent's access to the mailbox; ambiguity in what counts as the “relevant” message could lead to reading an unintended email. (5) If you need stronger guarantees, consider running this skill only in an environment you control or using short-lived credentials.
Capability Analysis
Type: OpenClaw Skill
Name: safe-email
Version: 1.0.7
The 'safe-email' skill is a privacy-focused tool designed to extract structured information from forwarded emails using the 'himalaya' CLI. The instructions in SKILL.md explicitly enforce security best practices, such as requiring manual triggers, forbidding background polling, and mandating user consent for email deletion. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Capability Assessment
Purpose & Capability
Name/description (privacy-first IMAP extraction) matches the declared requirements: it asks for an IMAP CLI (himalaya) and IMAP credentials (username + app password), which are exactly what a mailbox-reading skill needs.
Instruction Scope
SKILL.md restricts behavior (explicit trigger required, read only newest relevant message, optional deletion only with consent) and references only the declared IMAP credentials. However, some language is intentionally discretionary (e.g., deciding which message is the "newest relevant candidate"), which places trust in the agent's judgment. The policy relies on runtime enforcement rather than technical constraints, so there's a small risk the agent could read an unintended message if the trigger or relevance test is ambiguous.
Install Mechanism
Instruction-only skill with no install spec or downloads; lowest-risk install posture. It assumes a preinstalled himalaya binary, which is reasonable for an IMAP CLI workflow.
Credentials
Requested env vars (SAFE_EMAIL_IMAP_USERNAME and SAFE_EMAIL_IMAP_APP_PASSWORD) are proportional to the task. Note that an IMAP app password grants full access to the dedicated mailbox, so it is high-sensitivity data and should be provisioned securely and rotated if compromised. The metadata did not declare a primary credential, but that is not inconsistent.
Persistence & Privilege
always is false and the skill requires explicit triggers and forbids auto-polling in prose/metadata, limiting continual background access. Autonomous invocation is allowed by default, but the skill's explicit-trigger policy reduces risk.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install safe-email - After installation, invoke the skill by name or use
/safe-email - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
Scope simplification: removed calendar/reminder requirements and actions. Skill is now extraction-only (IMAP forwarded-email parsing + suggested next steps), with explicit-trigger and optional-deletion safeguards.
v1.0.6
Registry consistency fix: declared calendar/reminder config refs in requires.env and aligned SKILL.md credential section to metadata-declared inputs only.
v1.0.5
Metadata clarity update: added explicit top-level credentials/env declarations plus mirrored openclaw.requires credentials/env fields to eliminate registry ambiguity.
v1.0.4
Metadata coherence fix: moved required credentials and secret handling details under openclaw.requires for clearer registry parsing; retained privacy/compliance constraints.
v1.0.3
Consistency fix: aligned manifest and instructions on credentials/secrets. Credentials are required; secret source is flexible (env, keychain, secure refs, oauth store). Removed env-only implication and clarified policy.
v1.0.2
Compliance hardening: added required env/config declarations for IMAP + calendar/reminder credentials; clarified dedicated-forwarded-inbox requirement; added duplicate/timezone safety checks and explicit deletion-consent policy wording.
v1.0.1
Compliance update: declared required credentials/permissions in metadata; clarified explicit-trigger-only policy; made destructive email deletion opt-in with explicit consent.
v1.0.0
Initial release: privacy-first IMAP email workflow for forwarded mail to calendar/reminder with explicit-trigger-only and post-processing deletion.
Metadata
Frequently Asked Questions
What is Safe Email?
Privacy-first workflow for processing explicitly forwarded emails via IMAP in a dedicated inbox. Use only when the user explicitly asks to process the latest... It is an AI Agent Skill for Claude Code / OpenClaw, with 364 downloads so far.
How do I install Safe Email?
Run "/install safe-email" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Safe Email free?
Yes, Safe Email is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Safe Email support?
Safe Email is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Safe Email?
It is built and maintained by Nitan SDE (@nitansde); the current version is v1.0.7.
More Skills