Description

Send and receive emails and phone calls via Inkbox agent identities. Use when the user wants to check inbox messages, list unread email, view a thread, searc...

README (SKILL.md)

Inkbox Skill

Name: Inkbox
Author: inkbox

API-first communication infrastructure for AI agents — email, phone, encrypted vault, and identities.

Requirements

INKBOX_API_KEY — Inkbox API key
node on PATH (Node.js 18+)
INKBOX_AGENT_HANDLE is optional; use it when already configured, otherwise ask the user which identity handle to use or create

Runtime setup

Do not assume @inkbox/sdk is already installed in the skill folder.

When the SDK is missing, prefer a temporary disposable Node directory over modifying the workspace or skill folder. Use a flow like:

Create a temporary directory
Run npm init -y
Run npm install @inkbox/sdk
Write a small .mjs script there
Run it with node

Only install dependencies into the skill folder or workspace if the user explicitly asks.

Use .mjs scripts with standard ESM imports. Avoid relying on tsx --eval or top-level-await snippets that may be runtime-fragile.

Install & Init

npm install @inkbox/sdk

Requires Node.js ≥ 18. ESM module — no context manager needed:

import { Inkbox } from "@inkbox/sdk";

const inkbox = new Inkbox({ apiKey: process.env.INKBOX_API_KEY });

Constructor options: { apiKey: string, baseUrl?: string, timeoutMs?: number }

Core Model

Inkbox (org-level client)
├── .createIdentity(handle) → Promise\x3CAgentIdentity>
├── .getIdentity(handle)    → Promise\x3CAgentIdentity>
├── .listIdentities()       → Promise\x3CAgentIdentitySummary[]>
├── .mailboxes              → MailboxesResource
├── .phoneNumbers           → PhoneNumbersResource
├── .vault                  → VaultResource
└── .createSigningKey()     → Promise\x3CSigningKey>

AgentIdentity (identity-scoped helper)
├── .mailbox                → IdentityMailbox | null
├── .phoneNumber            → IdentityPhoneNumber | null
├── .getCredentials()       → Promise\x3CCredentials>  (requires vault unlocked)
├── mail methods            (requires assigned mailbox)
└── phone methods           (requires assigned phone number)

An identity must have a channel assigned before you can use mail/phone methods. If not assigned, an InkboxAPIError is thrown.

Identities

const identity = await inkbox.createIdentity("sales-agent");
const identity = await inkbox.getIdentity("sales-agent");
const identities = await inkbox.listIdentities();   // AgentIdentitySummary[]

await identity.update({ newHandle: "new-name" });   // rename
await identity.update({ status: "paused" });         // or "active"
await identity.refresh();                            // re-fetch from API, updates cached channels
await identity.delete();                             // unlinks channels

If INKBOX_AGENT_HANDLE is not configured, ask the user for the handle to use.

After creating a new identity:

show the handle and mailbox address to the user
ask whether they want to save the handle in skills.entries.\x3Cskill>.env.INKBOX_AGENT_HANDLE
do not store the API key in plaintext config; prefer skills.entries.\x3Cskill>.apiKey with a SecretRef to INKBOX_API_KEY

Channel Management

// Create and auto-link new channels
const mailbox  = await identity.createMailbox({ displayName: "Sales Agent" });
const phone    = await identity.provisionPhoneNumber({ type: "toll_free" });   // or type: "local", state: "NY"

console.log(mailbox.emailAddress);   // e.g. "[email protected]"
console.log(phone.number);           // e.g. "+18005551234"

// Link existing channels
await identity.assignMailbox("mailbox-uuid");
await identity.assignPhoneNumber("phone-number-uuid");

// Unlink without deleting
await identity.unlinkMailbox();
await identity.unlinkPhoneNumber();

Mail

Send

Before sending, confirm recipients, subject, and body with the user.

const sent = await identity.sendEmail({
  to: ["[email protected]"],
  subject: "Hello",
  bodyText: "Hi there!",           // plain text (optional)
  bodyHtml: "\x3Cp>Hi there!\x3C/p>",    // HTML (optional)
  cc: ["[email protected]"],          // optional
  bcc: ["[email protected]"],        // optional
  inReplyToMessageId: sent.id,     // for threaded replies
  attachments: [{                  // optional
    filename: "report.pdf",
    contentType: "application/pdf",
    contentBase64: "\x3Cbase64>",
  }],
});

Read

// Iterate all messages — auto-paginated async generator
for await (const msg of identity.iterEmails()) {
  console.log(msg.subject, msg.fromAddress, msg.isRead);
}

// Filter by direction
for await (const msg of identity.iterEmails({ direction: "inbound" })) {   // or "outbound"
  ...
}

// Unread only (client-side filtered)
for await (const msg of identity.iterUnreadEmails()) {
  ...
}

// Mark as read
const ids = [];
for await (const msg of identity.iterUnreadEmails()) ids.push(msg.id);
await identity.markEmailsRead(ids);

// Get full thread (oldest-first)
const thread = await identity.getThread(msg.threadId);
for (const m of thread.messages) {
  console.log(`[${m.fromAddress}] ${m.subject}`);
}

Search

// Org-level mailbox search
const results = await inkbox.mailboxes.search(identity.mailbox.emailAddress, {
  q: "invoice",
  limit: 20,
});

This operation requires the identity to already have a mailbox provisioned.

Phone

// Place outbound call — stream audio via WebSocket
const call = await identity.placeCall({
  toNumber: "+15167251294",
  clientWebsocketUrl: "wss://your-agent.example.com/ws",
});
console.log(call.status);
console.log(call.rateLimit.callsRemaining);   // rolling 24h budget

// List calls (offset pagination)
const calls = await identity.listCalls({ limit: 10, offset: 0 });
for (const c of calls) {
  console.log(c.id, c.direction, c.remotePhoneNumber, c.status);
}

// Transcript segments (ordered by seq)
const segments = await identity.listTranscripts(calls[0].id);
for (const t of segments) {
  console.log(`[${t.party}] ${t.text}`);   // party: "local" or "remote"
}

Always confirm before placing a call.

Vault

Encrypted credential vault with client-side Argon2id key derivation and AES-256-GCM encryption. The server never sees plaintext secrets. Requires hash-wasm (included as a dependency).

Unlock & Read

import type { LoginPayload, APIKeyPayload, SSHKeyPayload, OtherPayload } from "@inkbox/sdk";

// Unlock with a vault key — derives key via Argon2id, decrypts all secrets
const unlocked = await inkbox.vault.unlock("my-Vault-key-01!");

// Optionally filter to secrets an agent identity has access to
const unlocked = await inkbox.vault.unlock("my-Vault-key-01!", { identityId: "agent-uuid" });

// All decrypted secrets from the unlock bundle
for (const secret of unlocked.secrets) {
  console.log(secret.name, secret.secretType);
  console.log(secret.payload);   // LoginPayload, APIKeyPayload, SSHKeyPayload, or OtherPayload
}

// Fetch and decrypt a single secret by ID
const secret = await unlocked.getSecret("secret-uuid");
const login = secret.payload as LoginPayload;
console.log(login.username, login.password);

Create & Update

// Create a login secret (secretType inferred from payload shape)
await unlocked.createSecret({
  name: "AWS Production",
  description: "Production IAM user",
  payload: { password: "s3cret", username: "admin", url: "https://aws.amazon.com" },
});

// Create an API key secret
await unlocked.createSecret({
  name: "GitHub PAT",
  payload: { apiKey: "ghp_xxx" },
});

// Create an SSH key secret
await unlocked.createSecret({
  name: "Deploy Key",
  payload: { privateKey: "-----BEGIN OPENSSH PRIVATE KEY-----..." },
});

// Create a freeform secret
await unlocked.createSecret({
  name: "Misc",
  payload: { data: "any freeform content" },
});

// Update name/description and/or re-encrypt payload
await unlocked.updateSecret("secret-uuid", { name: "New Name" });
await unlocked.updateSecret("secret-uuid", {
  payload: { password: "new", username: "new" },
});

// Delete
await unlocked.deleteSecret("secret-uuid");

Metadata (no unlock needed)

const info    = await inkbox.vault.info();                                  // VaultInfo
const keys    = await inkbox.vault.listKeys();                              // VaultKey[]
const keys    = await inkbox.vault.listKeys({ keyType: "recovery" });       // filter by type
const secrets = await inkbox.vault.listSecrets();                           // VaultSecret[] (metadata only)
const secrets = await inkbox.vault.listSecrets({ secretType: "login" });    // filter by type
await inkbox.vault.deleteSecret("secret-uuid");                             // delete without unlocking

Payload Types

Type	Interface	Fields
`login`	`LoginPayload`	`password`, `username?`, `email?`, `url?`, `notes?`, `totp?`
`api_key`	`APIKeyPayload`	`apiKey`, `endpoint?`, `notes?`
`key_pair`	`KeyPairPayload`	`accessKey`, `secretKey`, `endpoint?`, `notes?`
`ssh_key`	`SSHKeyPayload`	`privateKey`, `publicKey?`, `fingerprint?`, `passphrase?`, `notes?`
`other`	`OtherPayload`	`data`

secretType is immutable after creation. To change it, delete and recreate.

Agent Credentials (identity-scoped)

Agent-facing credential access — typed, identity-scoped. The vault stays as the admin surface; identity.getCredentials() is the agent runtime surface.

import type { Credentials } from "@inkbox/sdk";

// Unlock the vault first (stores state on the client)
await inkbox.vault.unlock("my-Vault-key-01!");

const identity = await inkbox.getIdentity("support-bot");
const creds = await identity.getCredentials();

// Discovery — returns DecryptedVaultSecret[] with name/metadata
const allCreds = creds.list();
const logins   = creds.listLogins();
const apiKeys  = creds.listApiKeys();
const sshKeys  = creds.listSshKeys();

// Access by UUID — returns typed payload directly
const login  = creds.getLogin("secret-uuid");    // → LoginPayload
const apiKey = creds.getApiKey("secret-uuid");    // → APIKeyPayload
const sshKey = creds.getSshKey("secret-uuid");    // → SSHKeyPayload

// Generic access — returns DecryptedVaultSecret
const secret = creds.get("secret-uuid");

Requires inkbox.vault.unlock() first — throws InkboxAPIError if vault is not unlocked
Results are filtered to secrets the identity has access to (via access rules)
Cached after first call; call identity.refresh() to clear the cache
get* throws Error if not found, TypeError if wrong secret type

One-Time Passwords (TOTP)

TOTP secrets are stored inside LoginPayload.totp in the encrypted vault. Codes are generated client-side — no server call needed.

From an agent identity (recommended)

import { parseTotpUri } from "@inkbox/sdk";
import type { LoginPayload } from "@inkbox/sdk";

// Create a login with TOTP
const secret = await identity.createSecret({
  name: "GitHub",
  payload: {
    username: "[email protected]",
    password: "s3cret",
    totp: parseTotpUri("otpauth://totp/GitHub:[email protected]?secret=JBSWY3DPEHPK3PXP&issuer=GitHub"),
  } satisfies LoginPayload,
});

// Generate TOTP code
const code = await identity.getTotpCode(secret.id);
console.log(code.code);              // e.g. "482901"
console.log(code.secondsRemaining);  // e.g. 17

// Add/replace TOTP on existing login
await identity.setTotp(secretId, "otpauth://totp/...?secret=...");

// Remove TOTP
await identity.removeTotp(secretId);

From the unlocked vault (org-level)

const unlocked = await inkbox.vault.unlock("my-Vault-key-01!");

// Same methods available on UnlockedVault
await unlocked.setTotp(secretId, totpConfigOrUri);
await unlocked.removeTotp(secretId);
const code = await unlocked.getTotpCode(secretId);

TOTPCode fields

Field	Type	Description
`code`	`string`	The OTP code (e.g. `"482901"`)
`periodStart`	`number`	Unix timestamp when the code became valid
`periodEnd`	`number`	Unix timestamp when the code expires
`secondsRemaining`	`number`	Seconds until expiry

Org-level Resources

Mailboxes (`inkbox.mailboxes`)

const mailboxes = await inkbox.mailboxes.list();
const mailbox   = await inkbox.mailboxes.get("[email protected]");
const mb        = await inkbox.mailboxes.create({ agentHandle: "support", displayName: "Support Inbox" });

await inkbox.mailboxes.update(mb.emailAddress, { displayName: "New Name" });
await inkbox.mailboxes.update(mb.emailAddress, { webhookUrl: "https://example.com/hook" });
await inkbox.mailboxes.update(mb.emailAddress, { webhookUrl: null });   // remove webhook

const results = await inkbox.mailboxes.search(mb.emailAddress, { q: "invoice", limit: 20 });
await inkbox.mailboxes.delete(mb.emailAddress);

Phone Numbers (`inkbox.phoneNumbers`)

const numbers = await inkbox.phoneNumbers.list();
const number  = await inkbox.phoneNumbers.get("phone-number-uuid");
const num     = await inkbox.phoneNumbers.provision({ agentHandle: "my-agent", type: "toll_free" });
const local   = await inkbox.phoneNumbers.provision({ agentHandle: "my-agent", type: "local", state: "NY" });

await inkbox.phoneNumbers.update(num.id, {
  incomingCallAction: "webhook",               // "webhook", "auto_accept", or "auto_reject"
  incomingCallWebhookUrl: "https://...",
});
await inkbox.phoneNumbers.update(num.id, {
  incomingCallAction: "auto_accept",
  clientWebsocketUrl: "wss://...",
});

const hits = await inkbox.phoneNumbers.searchTranscripts(num.id, { q: "refund", party: "remote", limit: 50 });
await inkbox.phoneNumbers.release(num.id);

Webhooks & Signature Verification

Webhooks are configured directly on the mailbox or phone number — no separate registration.

import { verifyWebhook } from "@inkbox/sdk";

// Rotate signing key (plaintext returned once — save it)
const key = await inkbox.createSigningKey();

// Verify an incoming webhook request
const valid = verifyWebhook({
  payload: req.body,                                           // Buffer or string
  headers: req.headers as Record\x3Cstring, string>,
  secret: "whsec_...",
});

Headers checked: x-inkbox-signature, x-inkbox-request-id, x-inkbox-timestamp. Algorithm: HMAC-SHA256 over "{requestId}.{timestamp}.{body}".

Error Handling

import { InkboxAPIError } from "@inkbox/sdk";

try {
  const identity = await inkbox.getIdentity("unknown");
} catch (e) {
  if (e instanceof InkboxAPIError) {
    console.log(e.statusCode);   // HTTP status (e.g. 404)
    console.log(e.detail);       // message from API
  }
}

If Inkbox returns 401 Unauthorized, tell the user the API key was rejected and ask them to verify or rotate INKBOX_API_KEY
If INKBOX_AGENT_HANDLE is missing, ask the user which identity to use or create one first
If an operation needs mailbox or phone provisioning that does not yet exist, explain what is missing and stop before guessing

Key Conventions

All method and property names are camelCase
iterEmails() / iterUnreadEmails() return AsyncGenerator\x3CMessage> — use for await...of
listCalls() returns Promise\x3CPhoneCall[]> — offset pagination, not a generator
To clear a nullable field (e.g. webhook URL), pass field: null
No context manager needed — new Inkbox({...}) is all that's required
All methods are async and return Promises — always await them
Confirm before sending emails or placing calls
Thread IDs come from message objects (threadId)
Message IDs can be used for inReplyToMessageId
Phone numbers must be in E.164 format (for example +15551234567)
The identity must have a phone number assigned for phone operations
Call IDs from listCalls can be passed to listTranscripts

Usage Guidance

This skill appears to do what it claims, but before installing: 1) Verify you trust Inkbox and review the @inkbox/sdk package (check its npm page and source repo) before running npm install. 2) Avoid putting a long‑lived production API key in plaintext; prefer the platform secret store or create a scoped/limited Inkbox API key you can revoke. 3) Be cautious about installing global npm tools (clawhub) with sudo; prefer local installs. 4) When configuring webhooks or WebSocket audio bridges, only use endpoints you control and trust because call audio/transcripts can be routed to those endpoints. 5) If unsure, test with a disposable Inkbox account/key and review the SDK calls you authorize.

Capability Analysis

Type: OpenClaw Skill Name: inkbox Version: 0.2.1 The inkbox skill bundle provides capabilities for email, telephony, and secret management via the inkbox.ai service. It is classified as suspicious because it instructs the AI agent to perform high-risk operations, such as dynamically creating temporary directories, executing shell commands (npm install), and running generated Node.js scripts (SKILL.md). While these actions are aligned with the skill's stated purpose, they introduce a significant attack surface for code injection and unauthorized execution. Additionally, the skill handles highly sensitive data, including SSH keys and passwords within an encrypted vault, which increases the potential impact of any exploitation or prompt injection.

Capability Assessment

✓ Purpose & Capability

Name/description match the declared requirements: INKBOX_API_KEY and Node are exactly what an Inkbox SDK client would need. No unrelated credentials or binaries are requested.

ℹ Instruction Scope

SKILL.md provides concrete SDK usage and runtime steps and stays within the Inkbox domain, but it instructs writing config (e.g., ~/.openclaw/.env and optionally skills.entries.<skill>.env.INKBOX_AGENT_HANDLE) and recommends installing the @inkbox/sdk (npm). It also suggests using a WebSocket or webhook URLs for call audio/handlers — these are expected for phone bridging but mean audio and call metadata could be routed externally if configured by the user.

ℹ Install Mechanism

The skill is instruction-only (no install spec), but runtime guidance and the included package.json point users to install @inkbox/sdk from npm. Installing a third‑party npm package is a moderate-risk operation (traceable to npm registry); no downloads from unknown URLs or extract steps are present.

✓ Credentials

Only INKBOX_API_KEY is declared as required (primaryEnv). SKILL.md mentions an optional INKBOX_AGENT_HANDLE (not required) for convenience. The number and type of env vars are proportionate to the skill's functionality.

✓ Persistence & Privilege

always is false and the skill does not request elevated or global persistence. It recommends storing a handle in the skill's config and discusses storing the API key via SecretRef; these are normal behaviors for a skill that manages identities.

Version History

v0.2.1

- Major documentation update: consolidated all skill references and API usage into a single README/metadata-driven SKILL.md. - Added package.json and README.md for improved clarity and easier install/usage instructions. - Removed fragmented reference docs (mail, phone, setup, vault, webhooks) to streamline onboarding and reduce duplication. - Expanded and clarified Inkbox SDK usage examples, agent identity setup, and runtime requirements. - Updated environment variable and dependency handling guidance to prioritize secure and isolated operation.

v0.2.0

**Expanded functionality and modular documentation:** - Added separate reference files for mail, phone, setup, vault, and webhooks operations. - Updated SKILL.md to clarify new features: credential/vault management and webhook handling. - Description now includes mailbox, phone, and credential/vault management. - Documented which reference to consult for each Inkbox operation. - Strengthened guidance on confirmation before sending emails or placing calls, and on handling missing mailboxes/phone numbers.

v0.1.2

- No user-facing changes; documentation only. - No file changes detected between versions 0.1.1 and 0.1.2.

v0.1.1

- Added documentation files: README.md and package.json - Expanded usage instructions to cover initial Inkbox identity setup, including identity creation and mailbox provisioning - Clarified runtime requirements, especially around Node.js SDK installation, favoring disposable directories for dependencies - Updated usage and initialization patterns to use modern .mjs scripts with standard ESM imports instead of eval-based flows - Added clear user prompts and error handling guidance for missing API keys, identity handles, and provisioning steps - Extended skill description to include identity setup/creation operations in addition to email and call features

v0.1.0

Initial release of the Inkbox skill. - Send and receive emails using an Inkbox agent identity. - Check inbox, list unread emails, view threads, and search mailbox contents. - Draft and send emails through the agent identity. - Place outbound phone calls, list call history, and retrieve call transcripts. - Requires INKBOX_API_KEY and (optionally) INKBOX_AGENT_HANDLE environment variables. - Node.js and @inkbox/sdk dependencies required.

Metadata

Slug inkbox

Version 0.2.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 5

Frequently Asked Questions

What is Inkbox?

Send and receive emails and phone calls via Inkbox agent identities. Use when the user wants to check inbox messages, list unread email, view a thread, searc... It is an AI Agent Skill for Claude Code / OpenClaw, with 271 downloads so far.

How do I install Inkbox?

Run "/install inkbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Inkbox free?

Yes, Inkbox is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Inkbox support?

Inkbox is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Inkbox?

It is built and maintained by inkbox (@inkbox); the current version is v0.2.1.

More Skills

Inkbox