
Email Tool

by chowardcode · GitHub ↗ · v1.0.2
cross-platform ⚠ suspicious
Downloads: 924
Stars: 0
Active Installs: 5
Versions: 3
Install in OpenClaw
/install email-tool
Description
Send and search emails via Zoho using specified recipients, subject, body, and search queries with optional CC, BCC, and read marking.
README (SKILL.md)

Email Skill

Description: Use this skill to send and read emails (IMAP/SMTP). Designed for Zoho Mail but configurable. Capabilities: email.send, email.search

Tools

email.send

Send an email to one or more recipients.

Parameters:

  • to (string, required): Comma-separated list of recipients.
  • subject (string, required): The email subject.
  • body (string, required): The email body (HTML or plain text).
  • cc (string, optional): CC recipients.
  • bcc (string, optional): BCC recipients.

email.search

Search for emails in the inbox.

Parameters:

  • query (string, required): Search query (e.g. from:example.com, subject:Invoice).
  • limit (number, optional): Max results (default 10).
  • markRead (boolean, optional): Mark as read after fetching (default false).

Configuration (NO HARDCODED SECRETS)

This skill must not contain credentials.

It loads secrets from either:

  1. A JSON file at %OPENCLAW_SECRETS_DIR%/email-tool.json (recommended), or
  2. Environment variables (fallback).

Required keys:

  • EMAIL_USER
  • EMAIL_PASS

Optional (defaults shown):

  • HOST_IMAP (imap.zoho.com)
  • PORT_IMAP (993)
  • HOST_SMTP (smtp.zoho.com)
  • PORT_SMTP (465)
  • SECURE_SMTP (true)

If you are packaging/uploading this skill: run node scripts/secret-scan.js first.
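The loading order described under Configuration, sketched as an added example; this is not the skill's own `src/index.js`. The function names, the per-key merge (file value, then environment, then default), the `600` mode check and the `~/.openclaw/secrets` fallback directory are assumptions made for illustration.

```javascript
const fs = require('fs');
const os = require('os');
const path = require('path');

const REQUIRED = ['EMAIL_USER', 'EMAIL_PASS'];
const DEFAULTS = {
  HOST_IMAP: 'imap.zoho.com', PORT_IMAP: '993',
  HOST_SMTP: 'smtp.zoho.com', PORT_SMTP: '465', SECURE_SMTP: 'true',
};

// Read <secrets dir>/email-tool.json if it exists; warn when group/other can access it.
function readSecretsFile(env) {
  const dir = env.OPENCLAW_SECRETS_DIR || path.join(os.homedir(), '.openclaw', 'secrets');
  const file = path.join(dir, 'email-tool.json');
  const warnings = [];
  try {
    const mode = fs.statSync(file).mode & 0o777;
    if (process.platform !== 'win32' && (mode & 0o077) !== 0) {
      warnings.push(`${file} has mode ${mode.toString(8)}; expected 600`);
    }
    return { values: JSON.parse(fs.readFileSync(file, 'utf8')), warnings };
  } catch (err) {
    if (err.code === 'ENOENT') return { values: null, warnings };
    // Never echo err.message: JSON parse errors can quote file contents.
    throw new Error(`email-tool: cannot load ${file}: ${err.code || 'invalid JSON'}`);
  }
}

// Hypothetical loader: secrets file first, environment as fallback, then defaults.
function loadEmailConfig(env = process.env) {
  const { values, warnings } = readSecretsFile(env);
  const pick = (k) => values?.[k] ?? env[k] ?? DEFAULTS[k];
  const missing = REQUIRED.filter((k) => !pick(k));
  // Report key names only, never the values that were found.
  if (missing.length) throw new Error(`email-tool: missing ${missing.join(', ')}`);
  return {
    source: values ? 'file' : 'env',
    warnings,
    user: pick('EMAIL_USER'),
    pass: pick('EMAIL_PASS'),
    imap: { host: pick('HOST_IMAP'), port: Number(pick('PORT_IMAP')) },
    smtp: { host: pick('HOST_SMTP'), port: Number(pick('PORT_SMTP')),
            secure: String(pick('SECURE_SMTP')) === 'true' },
  };
}

// Constructed demo input: no secrets file, values come from a sample environment.
const demo = loadEmailConfig({ OPENCLAW_SECRETS_DIR: path.join(os.tmpdir(), 'no-such-email-tool-dir'),
                               EMAIL_USER: 'bot@example.com', EMAIL_PASS: 'constructed-not-real' });
console.log(demo.source, demo.smtp.host, demo.smtp.port, demo.smtp.secure);
```
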

Usage Guidance
This skill appears to be an IMAP/SMTP email client for Zoho and contains source code that will read credentials from a secrets file or environment variables. Before installing:

  1. Verify and accept that the skill needs EMAIL_USER and EMAIL_PASS (the registry entry currently omits these).
  2. Confirm where you'll store the secrets (OPENCLAW_SECRETS_DIR or env) and ensure the secrets file is protected.
  3. Review the code yourself (noting the hardcoded sender name "Pestward Info") and ensure there are no unexpected network endpoints.
  4. Ensure the platform will install the npm dependencies (nodemailer, imap-simple).

If you do not trust the author or cannot provide the required credentials safely, do not install. If you need higher assurance, ask the author to update the registry metadata to declare the required env vars, and to explain the "Pestward Info" string or remove it.
Capability Analysis
Type: OpenClaw Skill
Name: email-tool
Version: 1.0.2

The OpenClaw Email Skill is classified as benign. It adheres to good security practices by explicitly stating that no hardcoded secrets should be present and providing a `secret-scan.js` script to enforce this. Credentials are loaded securely from a dedicated secrets file or environment variables. The core functionality, implemented in `src/index.js` using `nodemailer` and `imap-simple`, is aligned with its stated purpose of sending and searching emails. Input parameters are handled in a way that prevents direct command or query injection, and there is no evidence of data exfiltration, persistence mechanisms, or prompt injection attempts against the AI agent in `SKILL.md`.
Capability Assessment
Purpose & Capability
The skill implements sending and searching email over IMAP/SMTP (nodemailer + imap-simple), which is coherent with the description. However the registry metadata claims no required environment variables or primary credential while the SKILL.md and src/index.js clearly require EMAIL_USER and EMAIL_PASS (or an external secrets file). Also the outgoing From address in the code is hardcoded as "Pestward Info", which doesn't match the generic "Email Tool" branding and suggests leftover or repurposed code.
Instruction Scope
SKILL.md and src/index.js instruct the agent to load credentials from either a secrets JSON file at OPENCLAW_SECRETS_DIR (or ~/.openclaw/secrets/email-tool.json) or from environment variables. This requires reading a path in the user's home directory and accessing environment variables (OPENCLAW_SECRETS_DIR, EMAIL_USER, EMAIL_PASS, and optional HOST_/PORT_ vars). Those file/env accesses are reasonable for an email tool but they are not declared in the registry metadata, and the code reads from outside the skill folder (user home), which should be explicit/approved by the deployer.
Install Mechanism
No install spec is provided (instruction-only in registry), but the package includes code and a package.json/package-lock.json listing dependencies on well-known npm packages (nodemailer, imap-simple). Running this code requires those Node dependencies to be installed; absence of an install spec means the runtime or operator must ensure npm deps are installed. The packages themselves are standard for email and not unexpected.
Credentials
Functionally the skill requires EMAIL_USER and EMAIL_PASS and optionally OPENCLAW_SECRETS_DIR and HOST_/PORT_/SECURE settings — but the registry metadata lists no required env vars and no primary credential. That mismatch is significant: the skill will fail without credentials, yet nothing in the registry advertises that requirement or which env vars will be used. The skill also reads HOME/USERPROFILE implicitly to locate the secrets file.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide settings. It runs as a normal, user-invocable skill and can be invoked autonomously per platform defaults; this is expected for a utility skill. No extra persistent privileges are requested.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install email-tool
  3. After installation, invoke the skill by name or use /email-tool
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2

  • Removed hardcoded credentials; load secrets from external file/env; added secret-scan script.

v1.0.1

  • Updated package metadata in package.json.
  • No changes to skill functionality or documentation.

v1.0.0

Initial release of email-tool skill.

  • Send emails via Zoho with support for to, cc, bcc, subject, and HTML/plain text body.
  • Search inbox emails with customizable queries, result limits, and optional mark-as-read.
  • Uses hardcoded Zoho email account credentials for configuration.
Metadata
Slug email-tool
Version 1.0.2
License
All-time Installs 5
Active Installs 5
Total Versions 3
Frequently Asked Questions

What is Email Tool?

Send and search emails via Zoho using specified recipients, subject, body, and search queries with optional CC, BCC, and read marking. It is an AI Agent Skill for Claude Code / OpenClaw, with 924 downloads so far.

How do I install Email Tool?

Run "/install email-tool" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Email Tool free?

Yes, Email Tool is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Email Tool support?

Email Tool is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Email Tool?

It is built and maintained by chowardcode (@chowardcode); the current version is v1.0.2.
