← Back to Skills Marketplace
PayLessTax Email Campaign
by
Carl Luis Olivier
· GitHub ↗
· v2.0.0
380
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install email-campaign
Description
PayLessTax email automation system - 4x daily, 250 emails each
README (SKILL.md)
Email Campaign Skill
Overview
High-volume email campaign system for PayLessTax. Delivers 1,000 emails daily in 4 batches.
Purpose
- Send 250 emails per batch, 4 batches daily (6am, 12pm, 3pm, 6pm)
- Track bounces and unsubscribes
- Scrape inbox for new contacts
- Manage Google Workspace Gmail via service account
Input Variables
| Variable | Description | Example |
|---|---|---|
| GOOGLE_SERVICE_ACCOUNT | JSON credentials | { "type": "service_account", ... } |
| USER_EMAIL | Sending user email | [email protected] |
| ALIAS_EMAIL | From address | [email protected] |
| MAILING_LIST_PATH | Excel CSV of contacts | /workdir/mailing-list.xlsx |
| BATCH_SIZE | Emails per batch | 250 (do NOT exceed Gmail limits) |
Signature Template
Best regards,
The PayLessTax Team
www.paylesstax.co.za | [email protected]
Should you wish to no longer receive these emails, reply with UNSUBSCRIBE
Template Variables (Email Body)
| Variable | Usage |
|---|---|
| {{RECIPIENT_NAME}} | Parsed from email or "Valued Client" |
| {{TAX_TIP}} | Rotating tax tip of the day |
| {{PERSONALIZED_OFFER}} | Dynamic offer based on last interaction |
| {{UNSUBSCRIBE_LINK}} | For compliance |
Triggers
Scheduled via OpenClaw scheduler:
- 06:00 (Morning batch + inbox scraping)
- 12:00 (Midday batch)
- 15:00 (Afternoon batch)
- 18:00 (Evening batch + maintenance)
APIs & Dependencies
- Google Gmail API (service account with domain-wide delegation)
- Pandas (for Excel/CSV contact lists)
- google-auth,google-auth-oauthlib,google-auth-httplib2,google-api-python-client
Rate Limits
- Gmail API: 250 messages/user/second (safe limit: 250/batch with delays)
- Daily quota: Managed across 4 batches
Output
{
"batch_id": "2026-03-03-06-00",
"sent_count": 250,
"failed": 3,
"bounces": ["[email protected]"],
"unsubscribes": ["[email protected]"]
}
Files
- index.py - Main email sending logic
- templates/email-body.html - HTML email template
- .env.example - Environment variables
Compliance Notes
- Always include physical address
- Honor unsubscribe within 10 days
- Include company registration number
Usage Guidance
Do not install or run this skill until the following are clarified and addressed:
- Confirm where and how the Gmail service-account JSON is provided. The registry says no required env vars or config paths, but SKILL.md and config/settings.json expect sensitive credentials (and settings.json contains a hardcoded secrets path). Do not supply credentials until you verify the account belongs to you and has the minimal scopes required.
- Domain-wide delegation/impersonation is powerful: ensure the service account's privileges are strictly limited and audited. Prefer a dedicated mailbox and least-privilege credentials (not full domain delegation) where possible.
- Ask the author to remove or parameterize the hardcoded path (/home/papawespeak/...) in config/settings.json and to declare required env vars/config in the registry metadata (GOOGLE_SERVICE_ACCOUNT, USER_EMAIL, MAILING_LIST_PATH). The registry should reflect actual runtime needs.
- Confirm mailing list legality and opt-in status. This code will send high-volume email (1,000/day) — ensure compliance with anti-spam rules, organizational policy, and Gmail sending limits. Validate unsubscribe handling: current code only counts unsubscribe messages and does not automatically remove addresses from lists.
- Review and test in a controlled environment with a small opt-in list before scaling. Log and monitor all sending activity and restrict who can provide credentials.
If the author cannot or will not explain the credential handling and remove the hardcoded secret path, treat the skill as unsafe to install.
Capability Analysis
Type: OpenClaw Skill
Name: email-campaign
Version: 2.0.0
This skill is designed for high-volume email campaigns using Google Workspace Gmail. It reads service account credentials and a mailing list from specified file paths, sends emails via the Gmail API, and scrapes the inbox for bounces and unsubscribes. All file I/O and network operations (Gmail API calls) are consistent with its stated purpose. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts in the SKILL.md. The handling of sensitive credentials (service account JSON) is standard, reading from a file path within the OpenClaw workspace secrets directory.
Capability Assessment
Purpose & Capability
The declared purpose (sending 4x daily batches, tracking bounces/unsubscribes, managing Gmail via a service account) aligns with the code which sends emails via the Gmail API and uses a service account with subject impersonation. However the registry metadata lists no required credentials or config paths while SKILL.md and index.py clearly expect service-account credentials and a mailing-list file — this mismatch is unexpected and should be corrected.
Instruction Scope
SKILL.md instructs scraping the inbox for new contacts and managing Gmail; index.py implements inbox searches for bounces/unsubscribes but does not implement contact scraping or automatic removal of unsubscribes. The instructions also imply domain-wide delegation and inbox access; these are broad operations that give full mailbox access and should be explicitly declared and constrained.
Install Mechanism
There is no install spec (instruction-only + a Python file). The code imports standard Python packages (google client libs, pandas) but does not download arbitrary executables or fetch code from untrusted URLs. Risk from install mechanism itself is low, but runtime dependencies must be present in the environment.
Credentials
Although registry metadata lists no required env vars or config paths, SKILL.md documents a GOOGLE_SERVICE_ACCOUNT and the config/settings.json contains a hardcoded path to a service account file under '/home/papawespeak/.openclaw/workspace/secrets/gmail-sa.json'. The skill therefore expects access to highly sensitive Gmail service-account credentials (with gmail.modify scope and impersonation), which is proportionate to mass-emailing but must be declared and audited. The hardcoded secret path is a red flag and may expose or assume access to workspace secrets.
Persistence & Privilege
The skill is not always-enabled and does not request special platform privileges. The agent may invoke the skill autonomously (default), which increases blast radius if credentials are misused — combine that with the broad Gmail credentials requirement and this is an operational concern, though autonomous invocation alone is normal.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install email-campaign - After installation, invoke the skill by name or use
/email-campaign - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
Initial publish - 4x daily 250 email batches
Metadata
Frequently Asked Questions
What is PayLessTax Email Campaign?
PayLessTax email automation system - 4x daily, 250 emails each. It is an AI Agent Skill for Claude Code / OpenClaw, with 380 downloads so far.
How do I install PayLessTax Email Campaign?
Run "/install email-campaign" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is PayLessTax Email Campaign free?
Yes, PayLessTax Email Campaign is completely free (open-source). You can download, install and use it at no cost.
Which platforms does PayLessTax Email Campaign support?
PayLessTax Email Campaign is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created PayLessTax Email Campaign?
It is built and maintained by Carl Luis Olivier (@wespeakallday); the current version is v2.0.0.
More Skills