← Back to Skills Marketplace
Unified Mailbox Ai
by
L1TangDingZhen
· GitHub ↗
· v1.1.0
· MIT-0
182
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install unified-mailbox-ai
Description
Unified mailbox AI for both Outlook and Gmail. Checks unread emails, summarizes new mail with AI, detects meeting invitations, checks calendar conflicts on b...
Usage Guidance
This skill appears to do what it claims, but there are a few security-relevant tradeoffs to consider before installing:
- Tokens & config: The Python code reads the MSAL token cache (~/.openclaw/ms_tokens.json) and writes a refreshed MS_GRAPH_ACCESS_TOKEN into ~/.openclaw/openclaw.json. That central config file will contain an access token which other local skills or processes that can read that file could use. If you have strict token control requirements, keep an eye on file permissions or avoid writing tokens into shared configs.
- Gmail keyring handling: The recommended setup uses GOG_KEYRING_PASSWORD="" and a file-based keyring for non-interactive use. That reduces friction for cron jobs but weakens local credential protection. Consider whether the tradeoff is acceptable for your environment.
- Cron & shell injection surface: The installer offers to append exports to ~/.bashrc and install a cron line. Only agree to those steps if you trust the repository and the paths shown; inspect the cron line and .bashrc additions before accepting.
- Least privilege: The skill requests broad mail/calendar scopes (Mail.ReadWrite, Calendars.ReadWrite). If you only need read-only notifications, consider adjusting scopes or using tokens with reduced permissions where possible.
- Operational hygiene: Run the script manually first (python3 ... check), verify outputs, and review the code locally. Ensure ~/.openclaw/openclaw.json and ~/.openclaw/notified_emails.json have appropriate filesystem permissions (restrict to your user). If you are uncertain about the upstream source, review the full repository on GitHub before installing.
If these tradeoffs are acceptable and you trust the source, the package is coherent for its purpose. If you have stricter security requirements, do not enable the installer’s automatic edits (openclaw.json, ~/.bashrc, crontab) until you have manually reviewed and adjusted them.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description match the implementation: Python script uses Microsoft Graph (msal + ms_tokens.json) for Outlook, the gog CLI for Gmail, and sends notifications to a Telegram chat ID (EMAIL_MONITOR_TELEGRAM_USER). Required binaries and env vars are coherent with the stated functionality.
Instruction Scope
SKILL.md and installer instruct the agent to read ms_tokens.json, modify ~/.openclaw/openclaw.json, call gog and outlook-graph scripts, and create cron entries. These actions are within the scope of an automated mailbox monitor, but notable security-relevant behaviors include: (1) the script updates openclaw.json with MS_GRAPH_ACCESS_TOKEN (persisting tokens to a global config); (2) the recommended cron setup uses an empty GOG_KEYRING_PASSWORD and exporting credentials in multiple places. These are expected for the skill but have privacy/operational implications the user should understand.
Install Mechanism
No remote downloads or opaque installers: the repository contains an installer script that copies files into ~/.openclaw, edits openclaw.json, optionally modifies ~/.bashrc and crontab, and can pip-install msal locally. This is a typical install pattern for user-local skills and does not pull arbitrary code at runtime.
Credentials
Requested env vars and files are proportional to function: EMAIL_MONITOR_TELEGRAM_USER (required) is needed to deliver notifications, EMAIL_MONITOR_GMAIL_ACCOUNT and MS_GRAPH_ACCESS_TOKEN (optional) are required for Gmail/Outlook. However, the script writes refreshed MS access tokens back into ~/.openclaw/openclaw.json which centralizes a sensitive token—this is convenient but elevates the blast radius if that file is accessible to other users or processes.
Persistence & Privilege
The installer can register the skill in the agent's skills list, append env exports to ~/.bashrc, and add a cron job — all with interactive prompts. The skill itself writes/reads files under ~/.openclaw (ms_tokens.json, openclaw.json, notified_emails.json). These behaviors are expected but grant the skill persistent presence and access to other OpenClaw configuration files, so users should verify file permissions and consent during installation.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install unified-mailbox-ai - After installation, invoke the skill by name or use
/unified-mailbox-ai - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Parallel Outlook/Gmail fetches, env-var based config, removed hardcoded personal data
v1.0.0
Initial release
Metadata
Frequently Asked Questions
What is Unified Mailbox Ai?
Unified mailbox AI for both Outlook and Gmail. Checks unread emails, summarizes new mail with AI, detects meeting invitations, checks calendar conflicts on b... It is an AI Agent Skill for Claude Code / OpenClaw, with 182 downloads so far.
How do I install Unified Mailbox Ai?
Run "/install unified-mailbox-ai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Unified Mailbox Ai free?
Yes, Unified Mailbox Ai is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Unified Mailbox Ai support?
Unified Mailbox Ai is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Unified Mailbox Ai?
It is built and maintained by L1TangDingZhen (@l1tangdingzhen); the current version is v1.1.0.
More Skills