← Back to Skills Marketplace
canihojr

Bee Push Email

by canihojr · GitHub ↗ · v1.5.3 · MIT-0
cross-platform ✓ Security Clean
262
Downloads
2
Stars
0
Active Installs
12
Versions
Install in OpenClaw
/install bee-push-email-skill
Description
Monitors email in real-time via IMAP IDLE and triggers the OpenClaw agent to notify users through active channels like Telegram or Discord.
README (SKILL.md)

Email Push — IMAP IDLE → OpenClaw Agent → User Notification

Real-time email monitoring: IMAP IDLE detects new emails, triggers OpenClaw agent to process and notify the user via their active channel.

Security & Permissions

The agent MUST explicitly inform the user of all actions below and obtain approval before starting installation. Do not proceed without confirmed user consent.

What this skill installs (requires root)

Action Path / Target Notes
System user imap-watcher (useradd -r) Service runs as this non-root user
Python venv /opt/imap-watcher/ Isolated env, not system-wide
pip package imapclient (inside venv only) Not installed system-wide
Watcher script /opt/imap-watcher/imap_watcher.py Copied from skill directory
systemd unit /etc/systemd/system/imap-watcher.service Enabled + started, restarts on boot
Config file /opt/imap-watcher/watcher.conf chmod 600, owner imap-watcher only
Log file /var/log/imap-watcher.log chmod 640, owner imap-watcher

External downloads (requires user awareness)

What From Condition
himalaya binary github.com/pimalaya/himalaya/releases/latest/ Only if not already installed
Method curl | tar into /usr/local/bin/ Writes a system binary

Credentials accessed

Credential Source Usage
IMAP email password Provided by user at install time IMAP IDLE connection
Telegram botToken Read from ~/.openclaw/openclaw.json Registers /beemail* commands via Telegram API (setMyCommands)

The bot token is never stored by this skill.

Auto-reply behaviour

By default, the agent is instructed not to reply to email senders. This prevents exposing that the system is active and avoids phishing/spam risks. The allow_auto_reply field in watcher.conf controls this:

Value Behaviour
false (default) Agent notifies you via Telegram only. Never replies to senders.
ask Agent asks you for explicit approval via Telegram before replying.
true Agent may reply to senders if it deems appropriate (least safe).

Configured interactively during install. Change anytime with --reconfigure + systemctl restart imap-watcher.

If auto_reply_mode is missing from an existing install, the watcher logs [SECURITY] WARNING on startup and notifies the agent to alert you. The safe default false is applied until you run --reconfigure. It is read once per operation and used only to call api.telegram.org. The agent must inform the user that their bot token will be used to modify the bot's command menu.

Persistence

This skill installs a persistent background service (Restart=always, starts on boot). It maintains a continuous IMAP connection. The service runs as the dedicated imap-watcher user, not as root.

Uninstall removes everything: service, systemd unit, /opt/imap-watcher/, log file, system user, and Telegram bot commands.

Install Flow (4 stages)

Stage 1: Dependencies (--deps)

python3 /root/.openclaw/workspace/skills/bee-push-email/scripts/setup.py --deps

Stage 2: Test Connection (--test)

echo '{"host":"...","port":993,"ssl":true,"email":"...","password":"..."}' | python3 /root/.openclaw/workspace/skills/bee-push-email/scripts/setup.py --test

Stage 3: Install (only if Stage 1+2 passed)

echo '{"host":"...","port":993,"ssl":true,"email":"...","password":"..."}' | python3 /root/.openclaw/workspace/skills/bee-push-email/scripts/setup.py

Stage 4: Verify (automatic)

Other Modes

Register Bot Commands (after update)

python3 /root/.openclaw/workspace/skills/bee-push-email/scripts/setup.py --register-commands

Reconfigure (after update)

After running clawhub update bee-push-email, new config fields may be available. Run:

python3 /root/.openclaw/workspace/skills/bee-push-email/scripts/setup.py --reconfigure

This detects fields missing from your existing /opt/imap-watcher/watcher.conf and asks about each one interactively — without touching your existing values. Restart the service after: systemctl restart imap-watcher.

Force Reinstall

echo '{...}' | python3 /root/.openclaw/workspace/skills/bee-push-email/scripts/setup.py --force

Show Config / Uninstall

python3 /root/.openclaw/workspace/skills/bee-push-email/scripts/setup.py --show
bash /root/.openclaw/workspace/skills/bee-push-email/scripts/uninstall.sh --yes

Telegram Bot Commands

\x3Cdetails> \x3Csummary>Click to expand command details\x3C/summary>

/beemail_status

  1. systemctl is-active imap-watcher + systemctl status imap-watcher --no-pager -l
  2. Last 10 log lines: journalctl -u imap-watcher -n 10 --no-pager
  3. UID state: cat /opt/imap-watcher/last_seen_uids.json
  4. Report: status, uptime, last email, IMAP state

/beemail_start

  1. systemctl start imap-watcher → wait 3s → verify active → show last 5 log lines

/beemail_stop

  1. systemctl stop imap-watcher → verify inactive → report

/beemail_test

  1. Check service active → read target email from config → tell user to send test email
  2. Optionally run: setup.py --test

/beemail

Quick summary: service active? + last email processed + one-liner health

/beemail_reply

Show current auto-reply mode:

  1. Run python3 \x3Cskill_dir>/scripts/setup.py --reply-status
  2. Report current mode with label: DISABLED / ASK / ENABLED

/beemail_reply_off

Disable auto-reply immediately:

  1. Run python3 \x3Cskill_dir>/scripts/setup.py --reply-off
  2. Service restarts automatically
  3. Confirm: "🔒 Auto-reply DISABLED"

/beemail_reply_ask

Set approval-required mode:

  1. Run python3 \x3Cskill_dir>/scripts/setup.py --reply-ask
  2. Service restarts automatically
  3. Confirm: "❓ Auto-reply set to ASK"

/beemail_reply_on

Enable auto-reply — warn the user first:

  1. Inform user: "⚠️ Enabling auto-reply exposes system activity to all senders including spam/phishing. Confirm?"
  2. Only proceed if user confirms
  3. Run python3 \x3Cskill_dir>/scripts/setup.py --reply-on
  4. Service restarts automatically
  5. Confirm: "⚠️ Auto-reply ENABLED"

\x3C/details>

Telegram Bot Commands Troubleshooting

If /beemail* commands don't appear in the Telegram menu after install:

  1. Verify registration:

    python3 /root/.openclaw/workspace/skills/bee-push-email/scripts/setup.py --register-commands

  2. Manual registration via BotFather:

    • Open @BotFather in Telegram
    • Send /setcommands
    • Select your bot
    • Add each command:
      • beemail — Email push status & recent emails
      • beemail_start — Start IMAP email watcher
      • beemail_stop — Stop IMAP email watcher
      • beemail_status — Detailed watcher service status
      • beemail_test — Send test email to verify push

  3. If bot token not found: The setup reads botToken from ~/.openclaw/openclaw.json. Check that the Telegram channel is configured.

  4. Commands registered but agent doesn't respond: The agent needs this skill installed to handle the commands. Verify with clawhub list.

Troubleshooting

  • Logs: journalctl -u imap-watcher -f
  • Status: systemctl status imap-watcher
  • Restart: systemctl restart imap-watcher
  • Config: /opt/imap-watcher/watcher.conf (JSON, chmod 600)
  • State: /opt/imap-watcher/last_seen_uids.json

Architecture

  1. imap_watcher.py maintains persistent IMAP IDLE connection
  2. On new email, resolves active OpenClaw session (with 60s cache)
  3. Triggers openclaw agent --deliver to process and notify user
  4. Uses Himalaya for email operations (read, move, reply)
  5. Runs as systemd service as dedicated imap-watcher user with auto-reconnect, exponential backoff, and health checks
Usage Guidance
What to consider before installing: - This skill performs a system-wide install (creates /opt/imap-watcher, a systemd unit at /etc/systemd/system/, and a system user) and requires root to run the installer — only install on machines you control and trust. - You will need to provide IMAP credentials (email + password or app-specific password) at install time — use an app-specific password where possible. - The installer will attempt to read your OpenClaw configuration to obtain a Telegram bot token (used only to register bot commands) and a gateway token. The bot token is read but not stored; the OpenClaw gateway token may be written to /opt/imap-watcher/watcher.conf (chmod 600) so the non-root service can call 'openclaw agent --deliver'. This stored gateway token grants the service ongoing ability to invoke your OpenClaw gateway — only proceed if you accept that. - The installer may download the 'himalaya' binary from GitHub Releases via curl|tar into /usr/local/bin; verify this is acceptable for your environment. - Auto-reply is disabled by default, but if you enable auto-reply (auto_reply_mode = 'true') the agent may reply to email senders — keep it off or 'ask' if you want safer behavior. - Practical steps: review the packaged scripts (setup.py, imap_watcher.py, telegram_commands.py, uninstall.sh) yourself or with a sysadmin; back up any tokens and rotate them after install if concerned; run the installer interactively and verify the agent prompts for explicit consent as the SKILL.md requires; consider running this on an isolated host or VM if you are unsure. Why I marked this 'benign (medium confidence)': the implementation, files, and instructions match the described purpose and the behaviors (systemd service, token reading) have plausible reasons, but the skill reads and persists sensitive local tokens and uses curl|tar installation for a binary — these are elevated actions that warrant explicit user review and consent.
Capability Analysis
Type: OpenClaw Skill Name: bee-push-email Version: 1.5.3 The bee-push-email skill provides real-time email notifications by maintaining an IMAP IDLE connection and triggering the OpenClaw agent. It performs high-privilege operations including creating a dedicated system user ('imap-watcher'), installing a systemd service, and downloading the 'himalaya' binary from GitHub. While these are high-risk behaviors, they are clearly aligned with the stated purpose, thoroughly documented in SKILL.md and README.md, and include security best practices such as running the background service as a non-root user and setting restrictive file permissions (chmod 600) on configuration files containing credentials. The skill also implements a safety-first 'auto_reply_mode' to prevent the agent from unintentionally responding to senders (e.g., phishing/spam) without explicit user consent.
Capability Assessment
Purpose & Capability
The skill's files and installer implement IMAP IDLE watching, use himalaya/imapclient to read messages, and trigger the OpenClaw agent and Telegram bot commands — all of which are consistent with 'Bee Push Email' functionality. The installer creates a non-root system user, venv, systemd unit, and uses the openclaw CLI as described. Note: registry metadata shown to you (no required binaries/env) does not match the SKILL.md and included installer scripts; the SKILL.md frontmatter and packaged scripts are where the real requirements live.
Instruction Scope
Runtime instructions and scripts perform root-level installation steps (useradd, writing /opt, /etc/systemd/system, /usr/local/bin), read local OpenClaw configuration files to find a Telegram bot token and gateway token, and call external endpoints (api.telegram.org and GitHub releases). These actions are within the skill's stated scope but are sensitive (see credential notes). The SKILL.md explicitly requires user consent before install which is appropriate.
Install Mechanism
There is no remote arbitrary install spec in the registry, but the packaged installer will optionally download the himalaya binary from GitHub Releases using 'curl | tar' into /usr/local/bin. GitHub releases is a known host (lower risk than unknown servers) but curl|tar extraction into system binary paths is moderately risky and requires root; the rest of the code is bundled with the skill so no other external code downloads are performed.
Credentials
The skill requires IMAP credentials (expected) and reads OpenClaw configuration to locate a Telegram bot token (used to register bot commands) and an OpenClaw gateway token. Reading the bot token is reasonable for registering commands and the bot token is not stored by the skill, but the installer will store the OpenClaw gateway token into /opt/imap-watcher/watcher.conf (chmod 600) so the non-root service can call 'openclaw agent --deliver'. Persistently storing that gateway token expands the service's long-term access to the user's OpenClaw gateway and is a sensitive and material permission — the user must consent and consider rotating or restricting the token scope if possible.
Persistence & Privilege
The skill installs a persistent systemd service that runs on boot as a dedicated non-root 'imap-watcher' user and restarts automatically. This persistence is required for continuous IMAP IDLE functionality and is coherent with purpose, but it is a lasting system-level presence and therefore higher-privilege (requires root to install). The SKILL.md instructs obtaining explicit user approval before installation, which is appropriate.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install bee-push-email-skill
  3. After installation, invoke the skill by name or use /bee-push-email-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.3
**bee-push-email 1.5.3 Changelog** - Added new Telegram bot commands: `/beemail_reply`, `/beemail_reply_off`, `/beemail_reply_ask`, and `/beemail_reply_on` for managing email auto-reply behavior directly from Telegram. - Updated command usage instructions and documentation to reflect new auto-reply control options. - Improved skill descriptor with emoji and simplified requirements section. - No code or logic changes (documentation and trigger/command list updates only).
v1.4.1
Version 1.4.1 of bee-push-email - No file changes detected. - Version bump only; no functional updates from 1.4.0.
v1.4.0
**Version 1.4.0 introduces auto-reply safety controls and a reconfiguration flow for secure, user-approved behavior.** - Adds interactive prompt during install to configure `auto_reply_mode` (false/ask/true) for email replies. - Defaults to never auto-reply for improved safety; agent notifies user before replying if set to "ask". - Updates security documentation—agent logs a `[SECURITY] WARNING` and alerts the user if a required config is missing. - Introduces `--reconfigure` option to safely add new config fields without overwriting existing settings. - Existing users are prompted to review and set new security options after updating.
v1.2.1
**Added system requirement, credential, and security clarification to documentation.** - Declared required/optional binaries and privileges in the SKILL.md metadata. - Added explicit credential details and install/persistence requirements. - Clarified installation consent and the handling of user credentials. - No code or functional changes; documentation and skill metadata only.
v1.2.0
No code or documentation changes detected between versions. - Version bump only; no functional changes. - No user action required.
v1.1.1
- Added _meta.json metadata file for improved package management and metadata tracking. - Version bump from 1.1.0 to 1.2.0. - No functional or behavioral changes to the skill logic.
v1.1.0
**bee-push-email 1.0.5 Changelog:** - Added `scripts/telegram_commands.py` for Telegram bot command handling. - Added `scripts/unregister_commands.py` for unregistering Telegram bot commands.
v1.0.4
**This version adds a new section clarifying security, permissions, and required user approval before install.** - Documents all system-level changes and permission requirements (venv, pip install, himalaya download, systemd, config, logs). - Notes credential handling, file permissions, and guarantees password never in logs. - Uninstall instructions updated for complete cleanup and permission awareness. - Adds command to register Telegram bot commands after skill update, without reinstalling. - Enhances transparency for users and administrators about installation impact.
v1.0.3
New Telegram bot command support and improved status actions - Added triggers for Telegram commands: /beemail, /beemail_start, /beemail_stop, /beemail_status, and /beemail_test. - Agent now supports starting, stopping, and checking status of the watcher service via these commands. - Status commands provide concise service state, recent logs, and last processed email. - Updated documentation and command examples to use new skill name and command set. - No core functionality changes to email push system outside of new command triggers.
v1.0.2
- Added a CHANGELOG.md file for better version tracking and transparency. - Removed imap_watcher.py from the project files.
v1.0.1
- Added .gitignore file to support Git version control and exclude unnecessary files. - Introduced imap_watcher.py script for persistent IMAP IDLE email monitoring.
v1.0.0
- Initial release of the bee-push-email skill for real-time email notifications via IMAP IDLE, Himalaya, and OpenClaw agent. - Provides a guided four-stage install process: dependencies check, connection test, installation, and automatic post-install verification. - Supports configuration display, system uninstall, and troubleshooting via logs and systemd service management. - Automatically detects new emails and delivers notifications to the user's preferred active channel (Telegram, Discord, etc.). - Includes security-focused configuration and persistent service architecture with fail-safes and cleanup tools.
Metadata
Slug bee-push-email-skill
Version 1.5.3
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 12
Frequently Asked Questions

What is Bee Push Email?

Monitors email in real-time via IMAP IDLE and triggers the OpenClaw agent to notify users through active channels like Telegram or Discord. It is an AI Agent Skill for Claude Code / OpenClaw, with 262 downloads so far.

How do I install Bee Push Email?

Run "/install bee-push-email-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Bee Push Email free?

Yes, Bee Push Email is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Bee Push Email support?

Bee Push Email is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Bee Push Email?

It is built and maintained by canihojr (@canihojr); the current version is v1.5.3.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments