← Back to Skills Marketplace
cedarscy

Gmail Cleaner

by cedarscy · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
543
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install gmail-cleaner
Description
Clean and organize Gmail accounts in bulk. Use when asked to clean Gmail, remove spam, trash newsletters/promotional emails, bulk-delete emails by sender, cr...
README (SKILL.md)

Gmail Cleaner

Bulk Gmail cleanup using the Gmail API. Processes 1000 messages per API call.

Prerequisites

  • google-api-python-client, google-auth-oauthlib Python packages (scripts auto-install if missing)
  • OAuth credentials JSON from Google Cloud Console (Desktop app type)
  • Token files stored as .pkl files per account

Workflow

1. Auth (first time or new account)

python scripts/auth.py --credentials /path/to/credentials.json --token /path/to/token.pkl --scopes settings
  • basic scopes: read/modify/delete messages + labels
  • settings scopes: adds gmail.settings.basic (required for creating filters)
  • Default token path: ~/.openclaw/workspace/gmail_token.pkl
  • Default creds path: ~/.openclaw/workspace/gmail_credentials.json

For a second account, specify a different --token path (e.g., gmail_token_work.pkl).

2. Scan (identify what to clean)

python scripts/scan.py --token /path/to/token.pkl --sample 500

Shows inbox counts by category + top 40 senders. Run this first.

3. Clean (bulk trash/delete)

# Trash specific senders:
python scripts/clean.py --from "[email protected],[email protected]"

# Trash by Gmail search query:
python scripts/clean.py --query "category:promotions older_than:30d"

# From a JSON config file (list of {query, label}):
python scripts/clean.py --config senders.json

# Permanently delete instead of trash:
python scripts/clean.py --from "[email protected]" --delete

# Dry run first:
python scripts/clean.py --from "[email protected]" --dry-run

4. Deep Clean (comprehensive)

# Full deep clean (4 steps: trash promos → archive old → mark read → purge trash):
python scripts/deep_clean.py

# Custom age thresholds:
python scripts/deep_clean.py --promo-days 7 --archive-days 30 --unread-days 14

# Skip trash purge (keep trash for 30-day auto-delete):
python scripts/deep_clean.py --skip-trash-purge

5. Organize (labels + filters)

# Apply built-in label set (Business, Banking, Tech, Personal, Trading, Social):
python scripts/organize.py

# Custom labels/rules/filters from JSON:
python scripts/organize.py --config labels.json

# Labels only (no filters):
python scripts/organize.py --skip-filters

6. Restore (rescue emails from trash)

# Restore all emails from a sender + apply a label:
python scripts/restore.py --from [email protected] --label "Harvard Health"

# Restore by query:
python scripts/restore.py --query "from:apple.com in:trash" --label "Tech/Apple"

Multiple Accounts

Run each script with a different --token path per account:

python scripts/scan.py    --token ~/.openclaw/workspace/gmail_token_personal.pkl
python scripts/scan.py    --token ~/.openclaw/workspace/gmail_token_work.pkl
python scripts/deep_clean.py --token ~/.openclaw/workspace/gmail_token_work.pkl

Common Patterns

Full cleanup for one account:

python scripts/auth.py --scopes settings
python scripts/scan.py                         # identify top senders
python scripts/clean.py --from "..."          # trash specific senders
python scripts/deep_clean.py                   # clean categories
python scripts/organize.py                     # create labels + filters

Rescue important emails caught in bulk delete:

python scripts/restore.py --from [email protected] --label "Important"

Senders config file format for clean.py --config:

[
  {"query": "from:[email protected]", "label": "Temu"},
  {"query": "category:promotions older_than:7d", "label": "Old Promos"}
]

Notes

  • batchModify moves to TRASH — Gmail auto-purges after 30 days
  • batchDelete is permanent and irreversible — always dry-run first
  • Gmail filter creation requires gmail.settings.basic scope — re-auth with --scopes settings if filters fail with 403
  • scan.py samples N messages; large inboxes may need --sample 2000 for accuracy
  • Credentials JSON comes from Google Cloud Console → APIs & Services → Credentials → OAuth 2.0 → Desktop → Download JSON
Usage Guidance
This skill appears to be what it claims: a Gmail bulk-cleaner built around the Gmail API. Before installing/using it: 1) Review and obtain your own Google OAuth credentials JSON from Google Cloud Console (do not use credentials/token files from untrusted sources). 2) Use the --dry-run option to verify which messages will be affected before allowing deletions. 3) Be aware the scripts store tokens as pickle (.pkl) files — do not load token files from untrusted parties, and protect the token files' filesystem permissions. 4) The scripts auto-install Python packages via pip at runtime; consider pre-installing and pinning versions in a controlled environment (or run inside a virtualenv/container) to reduce supply-chain risk. 5) Limit scopes requested when possible (use 'basic' instead of 'all' unless you need filter creation), and back up important mail before running mass delete/purge operations.
Capability Analysis
Type: OpenClaw Skill Name: gmail-cleaner Version: 1.0.0 The skill is classified as suspicious due to the use of `os.system` for package installation and `pickle.load` for deserializing authentication tokens. While `os.system` in `scripts/auth.py`, `scripts/clean.py`, `scripts/deep_clean.py`, `scripts/organize.py`, `scripts/restore.py`, and `scripts/scan.py` is used with hardcoded arguments for installing known dependencies, it represents a direct shell execution vulnerability if the execution environment or `sys.executable` path were compromised. Additionally, `pickle.load` (used across all scripts to load `gmail_token.pkl`) is a known deserialization vulnerability that could lead to arbitrary code execution if an attacker were able to replace the token file with a malicious payload. These are significant vulnerabilities, not malicious intent, aligning with a 'suspicious' classification.
Capability Assessment
Purpose & Capability
Name/description match the included scripts (auth, scan, clean, deep_clean, organize, restore). The code requires OAuth credentials JSON and token .pkl files (as documented) and calls the Gmail API for listing/labeling/trashing/deleting — all expected for a Gmail cleanup tool. There are no unrelated environment variables, binaries, or external services requested.
Instruction Scope
SKILL.md instructs running the included scripts with token/credentials paths and describes expected scopes. The scripts only read the provided credentials/token files, interact with the Gmail API, create labels/filters, and modify messages. They do not reference unrelated system paths or hidden external endpoints other than Google APIs. The instructions advise dry-run mode and warn about irreversible deletes.
Install Mechanism
There is no formal install spec, but each script will attempt to install required Python packages at runtime via os.system pip install if imports fail. Installing packages from PyPI at runtime is common but carries moderate risk (silent installs, no pinned versions). There are no downloads from untrusted URLs or archives in the skill itself.
Credentials
No environment variables or unrelated credentials are requested. The only persistent data are OAuth credentials JSON (user-supplied) and token pickle files stored by default under ~/.openclaw/workspace — this is proportional and documented. The tool asks for Gmail scopes appropriate for its operations (modify, readonly, settings).
Persistence & Privilege
always:false and model-invocation is normal. The skill writes token files to its own workspace location and creates Gmail filters/labels in the user's Gmail account (expected). It does not modify other skills or system-wide agent settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gmail-cleaner
  3. After installation, invoke the skill by name or use /gmail-cleaner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release — bulk trash, deep clean, organize labels, restore from trash, multi-account support via token files
Metadata
Slug gmail-cleaner
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Gmail Cleaner?

Clean and organize Gmail accounts in bulk. Use when asked to clean Gmail, remove spam, trash newsletters/promotional emails, bulk-delete emails by sender, cr... It is an AI Agent Skill for Claude Code / OpenClaw, with 543 downloads so far.

How do I install Gmail Cleaner?

Run "/install gmail-cleaner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Gmail Cleaner free?

Yes, Gmail Cleaner is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Gmail Cleaner support?

Gmail Cleaner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Gmail Cleaner?

It is built and maintained by cedarscy (@cedarscy); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments