← Back to Skills Marketplace
Pilot Email Bridge
by
Calin Teodor
· GitHub ↗
· v1.0.0
· MIT-0
78
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install pilot-email-bridge
Description
Send and receive emails via Pilot Protocol messaging. Use this skill when: 1. You need to send email notifications from Pilot agents 2. You want to receive e...
Usage Guidance
This skill appears to do what it says (bridge Pilot messages to SMTP/IMAP), but there are some gaps you should resolve before installing:
- Credential handling: SKILL.md mentions 'email credentials' but the skill metadata declares no env vars. Ask the author how SMTP credentials are supplied and stored; never paste secrets into free-text fields. Prefer providing credentials via a clearly-scoped secret (an env var declared by the skill) rather than embedding them into webhooks.
- Exfiltration risk: The send-file and publish examples allow reading arbitrary local files and forwarding them to a webhook/SMTP relay. Only allow the skill to access files from explicitly permitted directories and audit what pilotctl will transmit. If possible, test in an isolated environment first.
- Webhook targets: Configure webhooks to trusted, authenticated relays (prefer localhost or internal relays) and avoid pointing them to third-party URLs unless you control them. The example uses both localhost and external URLs — prefer localhost/internal for testing.
- pilotctl provenance: Ensure the pilotctl binary on PATH is the official, up-to-date binary from a trusted source (pilotprotocol.network) to avoid running a tampered client that could leak data.
- Run safely: Try the skill in a sandbox or non-production agent, verify exactly which files and headers are sent, and confirm that authentication is required and enforced by your SMTP relay.
If the author can clarify how credentials are handled and limit file-access behavior, the inconsistencies would be resolved; until then, treat the skill as a potential exfiltration vector and proceed cautiously.
Capability Analysis
Type: OpenClaw Skill
Name: pilot-email-bridge
Version: 1.0.0
The skill bundle provides an email bridge interface using the `pilotctl` binary, which includes high-risk capabilities such as sending local files to a remote relay (`send-file`) and configuring outbound webhooks (`set-webhook`). While these tools are plausibly required for the stated purpose, the potential for data exfiltration and the instruction in `SKILL.md` to execute an external background script (`smtp_relay_server.py`) not included in the bundle are significant risk factors. No clear evidence of intentional malice was found, but the broad file and network access capabilities warrant caution.
Capability Tags
Capability Assessment
Purpose & Capability
The skill claims to bridge Pilot Protocol and email and correctly requires the pilotctl binary and a running daemon — that aligns with the stated purpose. However, SKILL.md also lists 'email credentials' as a dependency but the registry metadata declares no required environment variables or primary credential, creating an inconsistency about how SMTP authentication is provided.
Instruction Scope
The instructions tell the agent to set webhooks to arbitrary URLs, publish messages that may be relayed externally, and use 'pilotctl --json send-file email-relay /path/to/report.pdf' — which implies reading local files and sending them through an external relay. This behavior is consistent with an email bridge but also enables exfiltration of arbitrary files if misused. The README also instructs launching an external 'python3 smtp_relay_server.py &' with no guidance about its security or authentication.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes supply-chain risk (nothing downloaded or written by the skill itself). It does, however, rely on an external binary (pilotctl) already on PATH.
Credentials
The SKILL.md says 'Requires ... email credentials' but the skill metadata declares no required environment variables or primary credential. There is no clear, declared mechanism for supplying SMTP auth, API keys, or where they should be stored, which is a meaningful omission for an email bridge that will authenticate to relays.
Persistence & Privilege
The skill is not always-enabled and uses default model-invocation behavior (agent may call it autonomously, which is normal). It does not request persistent system configuration or modify other skills' settings in the instructions provided.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install pilot-email-bridge - After installation, invoke the skill by name or use
/pilot-email-bridge - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Pilot Email Bridge?
Send and receive emails via Pilot Protocol messaging. Use this skill when: 1. You need to send email notifications from Pilot agents 2. You want to receive e... It is an AI Agent Skill for Claude Code / OpenClaw, with 78 downloads so far.
How do I install Pilot Email Bridge?
Run "/install pilot-email-bridge" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Pilot Email Bridge free?
Yes, Pilot Email Bridge is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Pilot Email Bridge support?
Pilot Email Bridge is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Pilot Email Bridge?
It is built and maintained by Calin Teodor (@teoslayer); the current version is v1.0.0.
More Skills