← Back to Skills Marketplace
838
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install snailmail
Description
A slow-channel inbox for leaving your operator important messages. Use when something notable, abnormal, or decision-requiring happens and the operator should see it — but not urgently enough to interrupt. Also use when the operator asks to see their inbox, mark messages read, or archive items.
Usage Guidance
This skill appears to be a simple local inbox: it stores messages in a JSON file and has no networking or secret access. Before installing, note these inconsistencies: (1) The CLI uses Node.js but the skill metadata does not declare any required binary — ensure your agent environment provides node and the expected Node version. (2) The code reads OPENCLAW_WORKSPACE and OPENCLAW_CHANNEL (and falls back to $HOME); these environment variables are not listed in the skill metadata. Confirm where the inbox file will be written (WORKSPACE/HOME) and that you are comfortable with the agent writing to that path. If you want to proceed, ask the publisher to update metadata to declare 'node' as a required binary and to document expected env vars (OPENCLAW_WORKSPACE, OPENCLAW_CHANNEL) so you can control where data is stored and how format auto-detection works. If you need higher assurance, review the included scripts/inbox.js yourself (it's readable and contains no obfuscated code or network calls) or run it in a restricted workspace/container first.
Capability Analysis
Type: OpenClaw Skill
Name: snailmail
Version: 1.0.0
The `scripts/inbox.js` file contains a vulnerability where user-provided message content is not sanitized when rendered in Markdown format by the `renderMD` function. This could lead to Markdown injection (e.g., XSS in a vulnerable chat client or potential prompt injection if the agent re-interprets the Markdown output) if an attacker can control the input to the `add` command. While the `SKILL.md` instructions are generally benign and even advise the agent not to add commentary to the output, the lack of sanitization for Markdown output is a significant flaw, though not indicative of intentional malicious behavior like data exfiltration or persistence.
Capability Assessment
Purpose & Capability
The skill is an on-disk inbox and the code implements that exactly (local JSON storage, add/list/archive/render). However the registry lists no required binaries while the CLI and scripts clearly assume a Node.js runtime (commands call 'node .../scripts/inbox.js'). The absence of a declared runtime is an incoherence: a consumer or agent orchestrator needs to know Node is required.
Instruction Scope
SKILL.md instructs the agent to create/read/write {workspace}/inbox/messages.json and to run the included Node script for add/list/render/heartbeat. The runtime code also reads process.env.OPENCLAW_WORKSPACE and process.env.OPENCLAW_CHANNEL for behavior. Those environment variables are referenced in instructions/code but are not declared in the skill metadata. Apart from that, the instructions stay within the expected scope (no network calls, no reading of unrelated files).
Install Mechanism
There is no install spec (instruction-only), which minimizes supply-chain risk. The skill includes a single JS script that is run by the agent; nothing is downloaded or extracted at install time. This is coherent and low-risk from an install mechanism perspective.
Credentials
The skill requests no secrets and does not attempt to access external endpoints — that's good. However, it relies on environment variables (OPENCLAW_WORKSPACE and OPENCLAW_CHANNEL) and falls back to HOME if not set; these env vars are not declared in requires.env or listed as primaryEnv. The metadata should list the runtime requirement (Node) and any env vars the skill expects so users know what will be read and where data will be written.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide settings. It writes only to an inbox directory under the workspace/HOME and uses atomic file writes. Autonomous invocation (disable-model-invocation=false) is normal and not by itself a concern here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install snailmail - After installation, invoke the skill by name or use
/snailmail - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of snail-mail: a "slow channel" inbox for non-urgent, notable, or decision-requiring operator messages.
- Automatically creates and manages an inbox file for message storage.
- Includes CLI for adding messages with priority, listing, marking read, archiving, and rendering in multiple formats.
- Provides clear guidance on what types of events should be reported, how to prioritize, and how to write actionable entries.
- Inbox integrates with heartbeat checks to surface only urgent messages proactively.
Metadata
Frequently Asked Questions
What is Snail Mail?
A slow-channel inbox for leaving your operator important messages. Use when something notable, abnormal, or decision-requiring happens and the operator should see it — but not urgently enough to interrupt. Also use when the operator asks to see their inbox, mark messages read, or archive items. It is an AI Agent Skill for Claude Code / OpenClaw, with 838 downloads so far.
How do I install Snail Mail?
Run "/install snailmail" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Snail Mail free?
Yes, Snail Mail is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Snail Mail support?
Snail Mail is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Snail Mail?
It is built and maintained by Memeothy (@dvdegenz); the current version is v1.0.0.
More Skills