← Back to Skills Marketplace
dmoraine

ClawInboxRAG

by dmoraine · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
124
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install clawinboxrag
Description
Community skill for parsing and executing local mailbox retrieval commands (`mail ...`) against a local backend with safe defaults, bounded output, and read-...
README (SKILL.md)

ClawInboxRAG (Community Skill)

Parse and execute mail ... commands for a local mailbox retrieval backend.

What this skill does

  • Parses chat commands with scripts/parse_mail.py.
  • Routes allowed actions to scripts/run_cli.sh.
  • Keeps output concise and citation-friendly.
  • Enforces safety constraints (read-only posture, limited command surface, bounded result counts).

Prerequisites

  • Local backend checkout.
  • Working Python environment and uv runner.
  • Gmail OAuth read-only scope.
  • Environment variables:
    • GMAIL_RAG_REPO (required)
    • GMAIL_RAG_UV_BIN (optional, default uv)
    • MAIL_DEFAULT_MODE (hybrid default)
    • MAIL_DEFAULT_LIMIT (5 default)
    • MAIL_MAX_LIMIT (25 default)

Supported input

Trigger: input starts with mail (case-insensitive).

Actions recognized by parser:

  • mail help -> help
  • mail status / mail stat -> status
  • mail labels / mail label -> labels
  • mail sync -> sync
  • mail recents [max|top|limit N] -> recents
  • everything else -> search (if non-empty query remains)

Search options recognized by parser:

  • Mode: keyword, semantic, hybrid (plus localized aliases in parser)
  • Limit: max N, top N, limit N, limite N
  • Label prefix: label \x3Cprefix> or tag \x3Cprefix>
  • Date filters: after \x3Cdate>, before \x3Cdate>, between \x3Cdate> and \x3Cdate>
  • Summary flag: resume (also résume, résumé, summary)

Command mapping

Use scripts/run_cli.sh for execution.

  • help -> return usage guidance (no CLI call required).
  • search -> search \x3Cquery> [--keyword|--semantic|--hybrid] --limit N [--label-prefix X] [--after ISO] [--before ISO]
  • recents -> recents --limit N
  • status -> status
  • labels -> labels
  • sync -> run in order:
    1. ingest-primary --limit 50
    2. embed --limit 200
    3. refresh-labels

Safety constraints

  • Read-only Gmail posture.
  • No credential/token disclosure.
  • No full raw body dumping by default.
  • Clamp numeric limits to configured max.
  • Validate date parsing before CLI options.
  • Use safe argument passing; do not interpolate untrusted shell strings.
Usage Guidance
This skill appears to do what it says: parse `mail ...` commands and call a local gmail-rag CLI in read-only mode. Before installing: (1) verify the registry metadata vs SKILL.md — set GMAIL_RAG_REPO and any MAIL_* env vars locally; (2) ensure the Gmail token used by your local backend is truly read-only (no send/delete scopes) and is stored only on your machine; (3) inspect the local backend (the gmail_rag code) that will be executed by run_cli.sh — the skill delegates execution to that repo, so its safety depends on that code; (4) if you plan to allow autonomous agent invocation, be aware the agent could run the wrapper when triggered — keep the token scope limited and the repo under your control. If any of these checks are unclear, treat the skill as untrusted until you confirm the local backend and required env vars.
Capability Analysis
Type: OpenClaw Skill Name: claw-inbox-rag Version: 1.0.0 The ClawInboxRAG skill is a legitimate utility designed to interface with a local Gmail RAG (Retrieval-Augmented Generation) backend. The provided scripts include a Python-based command parser (scripts/parse_mail.py) and a shell wrapper (scripts/run_cli.sh) that enforces an allowlist of subcommands (e.g., search, status, sync) before executing the backend CLI. The skill documentation (SKILL.md, references/security.md) emphasizes safety, read-only access, and bounded output, and no evidence of malicious intent, data exfiltration, or shell injection vulnerabilities was found.
Capability Assessment
Purpose & Capability
The skill claims to parse `mail ...` commands and run a local gmail-rag backend; the included parser and wrapper scripts match this purpose. Minor inconsistency: the registry metadata lists no required env vars, but SKILL.md/README/setup require GMAIL_RAG_REPO and other MAIL_* env vars — the skill needs a local repo path and runtime config that are not reflected in registry metadata.
Instruction Scope
SKILL.md instructs the agent to parse inputs with scripts/parse_mail.py and to invoke allowed subcommands via scripts/run_cli.sh. The scripts enforce an allowlist of subcommands, check GMAIL_RAG_REPO, and make no direct outbound network calls themselves. The runtime instructions do reference a local Gmail OAuth token (read-only) for the backend, which is appropriate for the stated purpose.
Install Mechanism
No install spec is provided (instruction-only skill plus small helper scripts). Nothing is downloaded from untrusted URLs and no extraction is specified. This is relatively low risk from an install standpoint.
Credentials
Requested environment/config values (GMAIL_RAG_REPO, optional GMAIL_RAG_UV_BIN, MAIL_DEFAULT_LIMIT, MAIL_MAX_LIMIT) are proportional to a local CLI wrapper. However, the manifest/registry omitted these required env vars while the SKILL.md/README mention them and also mention a Gmail OAuth token path — the skill will effectively rely on local OAuth tokens managed by the backend even though that token path/credential is not declared in the registry. Confirm required env vars before installing.
Persistence & Privilege
always is false and the skill does not request elevated platform privileges. It runs only when invoked and does not attempt to modify other skills or system configuration.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install clawinboxrag
  3. After installation, invoke the skill by name or use /clawinboxrag
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
ClawInboxRAG Skill 1.0.0 - Initial Release - Enables safe parsing and execution of local `mail ...` commands for ClawInboxRAG mailbox retrieval. - Supports read-only querying with bounded, citation-friendly output; never exposes full raw message bodies by default. - Includes actions: help, status, labels, sync, recents, and flexible search with advanced options. - Enforces safety constraints on command surface, numeric limits, and argument handling. - Clear error handling for setup, runner, index, and command issues. - Requires a local ClawInboxRAG checkout and proper environment configuration.
Metadata
Slug clawinboxrag
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is ClawInboxRAG?

Community skill for parsing and executing local mailbox retrieval commands (`mail ...`) against a local backend with safe defaults, bounded output, and read-... It is an AI Agent Skill for Claude Code / OpenClaw, with 124 downloads so far.

How do I install ClawInboxRAG?

Run "/install clawinboxrag" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ClawInboxRAG free?

Yes, ClawInboxRAG is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does ClawInboxRAG support?

ClawInboxRAG is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created ClawInboxRAG?

It is built and maintained by dmoraine (@dmoraine); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments