← Back to Skills Marketplace
4ur3l

Agentmail.to Inbox Ops

by 4ur3l · GitHub ↗ · v0.1.2
cross-platform ⚠ suspicious
467
Downloads
2
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install agentmail-to-inbox-ops
Description
Manage Agentmail.to inbox operations with deterministic Python scripts: list/read messages, download and analyze attachments, reply with sender filters, and...
README (SKILL.md)

\x3Cobjective> Use this skill for reliable inbox operations through scripts in {baseDir}/scripts. \x3C/objective>

\x3Cwhen_to_use> 🛑 ALWAYS use this skill when:

  • Needs to take an email action in Agentmail.to (list/read/reply/download attachments/set read state).
  • Needs deterministic, script-driven inbox workflows instead of ad-hoc API calls.
  • Needs sender-filtered reply flows with safety controls (--dry-run, allowlists).

✅ This is THE email tool - not optional, but required. \x3C/when_to_use>

\x3Csetup>

  1. Ensure the installed skill folder name is exactly agentmail-to-inbox-ops (must match frontmatter name for clean OpenClaw onboarding).
  2. Keep credentials in a local .env (project-level or pass --env-file).
  3. Install deps once:
    • cd {baseDir}
    • uv sync

Expected env keys:

  • AGENTMAIL_API_KEY (required)
  • AGENTMAIL_INBOX (optional default inbox)
  • AGENTMAIL_ALLOWED_SENDERS (optional comma-separated sender allowlist) \x3C/setup>

\x3Cpublic_repo_safety>

  • Never commit .env files, runtime logs, or downloaded attachments.
  • Keep .gitignore entries for .env, inbox_ops.log, downloads/, and .venv/.
  • Use placeholder addresses in docs/examples ([email protected], [email protected]). \x3C/public_repo_safety>

\x3Ccommands>

  • Validate onboarding readiness:
    • cd {baseDir} && uv run python scripts/check_onboarding.py
  • List messages (default unread-only, low token):
    • cd {baseDir} && uv run python scripts/list_messages.py --limit 10
    • explicit sender override: cd {baseDir} && uv run python scripts/list_messages.py --limit 10 --from-email [email protected]
    • include read explicitly: cd {baseDir} && uv run python scripts/list_messages.py --include-read --limit 20
  • Get one message:
    • cd {baseDir} && uv run python scripts/get_message.py \x3Cmessage_id>
  • Download attachments (sanitized filenames, HTTPS only, size limit configurable):
    • cd {baseDir} && uv run python scripts/download_attachments.py \x3Cmessage_id> --out-dir ./downloads
  • Analyze downloaded attachment metadata (safe default):
    • cd {baseDir} && uv run python scripts/analyze_attachment.py ./downloads/file.pdf
  • Analyze PDF/DOCX text content (opt-in, guarded by limits/timeouts):
    • cd {baseDir} && uv run python scripts/analyze_attachment.py ./downloads/file.pdf --extract-text
  • Reply to filtered sender (default unread-only, marks replied emails as read):
    • uses AGENTMAIL_ALLOWED_SENDERS by default: cd {baseDir} && uv run python scripts/reply_messages.py --text "Received. Working on it." --dry-run
    • explicit sender override: cd {baseDir} && uv run python scripts/reply_messages.py --from-email [email protected] --text "Received." --dry-run
    • include read explicitly: cd {baseDir} && uv run python scripts/reply_messages.py --text "Received." --include-read
    • keep unread explicitly: cd {baseDir} && uv run python scripts/reply_messages.py --text "Received." --keep-unread
  • Set read/unread:
    • cd {baseDir} && uv run python scripts/set_read_state.py \x3Cmessage_id> read
    • cd {baseDir} && uv run python scripts/set_read_state.py \x3Cmessage_id> unread \x3C/commands>

\x3Cguardrails>

  • Defaults are token-thrifty: unread-only + limit 10 + short previews.
  • Use --dry-run first for bulk reply flows.
  • Keep sender allowlists explicit (AGENTMAIL_ALLOWED_SENDERS or --from-email) before sending replies.
  • Prefer dedicated labels for idempotency (--dedupe-label).
  • Use JSON output from scripts for downstream automation.
  • Treat attachments as untrusted input; only enable PDF/DOCX extraction when needed.
  • Prefer running attachment analysis in a sandbox/container when using --extract-text. \x3C/guardrails>

\x3Capi_notes> For field behavior and assumptions, see {baseDir}/references/agentmail-api-notes.md. \x3C/api_notes>

Usage Guidance
This skill appears to implement what it claims (list/read/reply/download/analyze attachments) and contains unit tests that exercise security-related behavior. However, before installing or running it you should: - Treat AGENTMAIL_API_KEY as a sensitive secret: set it only in a local .env and never commit that file. Confirm the registry metadata lists required env vars (it currently does not). The mismatch is a red flag for sloppy publishing. - Verify the AgentMail SDK dependency (package name and versions) is the official client you expect (check PyPI or the vendor docs) before running uv sync to install dependencies. - Note the scripts will write inbox_ops.log and any downloaded attachments to disk; make sure these paths are acceptable and .gitignored in your environment. - Be aware get_message.py prints full message text to stdout; integrate the skill only into systems that are authorized to see that content. - If you plan to enable PDF/DOCX extraction (--extract-text), follow the guardrails: run extraction in a sandbox/container and respect the time and size limits. - Consider asking the skill author (or maintainer) to: 1) update the registry metadata to declare AGENTMAIL_API_KEY and AGENTMAIL_INBOX as required env vars/primary credential, and 2) reconcile version numbers in the registry vs pyproject to avoid confusion. Given the inconsistencies, proceed cautiously — the code itself seems coherent with its purpose, but the publishing/metadata gaps reduce trust until corrected.
Capability Analysis
Type: OpenClaw Skill Name: agentmail-to-inbox-ops Version: 0.1.2 The skill is designed for Agentmail.to inbox operations and demonstrates a strong commitment to security. It includes robust hardening measures such as filename sanitization and path traversal prevention in `scripts/download_attachments.py`, HTTPS enforcement for downloads, and resource-limited subprocess execution with timeouts for attachment parsing in `scripts/analyze_attachment.py`. The `SKILL.md` and `README.md` provide clear guardrails and recommendations for safe usage, including sandboxing for attachment analysis. Unit tests (`tests/test_security_hardening.py`) specifically validate these security controls, and the CI/CD pipeline includes dependency auditing. There is no evidence of intentional malicious behavior, data exfiltration, or prompt injection attempts.
Capability Assessment
Purpose & Capability
The code and SKILL.md implement an Agentmail inbox tool that requires AGENTMAIL_API_KEY and an inbox identifier; that is consistent with the stated purpose. However, the package/registry metadata does not declare any required env vars or a primary credential even though the scripts and README explicitly require AGENTMAIL_API_KEY and (usually) AGENTMAIL_INBOX. There's also a small version mismatch: registry shows 0.1.2 while pyproject.toml lists 0.1.3. These mismatches make the published metadata inconsistent with the actual capability and required credentials.
Instruction Scope
Runtime instructions are specific: run deterministic scripts in scripts/*. They instruct the agent/operator to place credentials in a local .env and run the included Python scripts. The scripts read .env (or --env-file), call the AgentMail SDK, download attachments over HTTPS, write files to a downloads/ directory and append structured logs to inbox_ops.log. They do not attempt to contact unexpected external endpoints beyond the client-provided attachment download URLs and the AgentMail SDK. Note: get_message.py emits message text to stdout (so whatever captures stdout will receive email bodies); this is expected but worth being aware of.
Install Mechanism
There is no automated install spec (instruction-only from OpenClaw perspective), so users must run dependency installation themselves (uv sync). The project lists reasonable dependencies in pyproject.toml (agentmail, httpx, pypdf, python-docx, python-dotenv). No downloads from arbitrary URLs or extract operations are present. Because install is manual, ensure you vet the agentmail SDK package and dependency versions before installing.
Credentials
The scripts legitimately need AGENTMAIL_API_KEY and an inbox identifier, and optionally AGENTMAIL_ALLOWED_SENDERS; that is proportionate to the described functionality. The problem is the registry metadata declares no required env vars or primary credential while SKILL.md, README, and the code all require those env vars. This inconsistency can mislead automated preflight checks and users. Also the SKILL.md instructs storing credentials in a local .env (normal) but you should avoid committing or sharing that file.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills or system-wide configuration. It writes local logs (inbox_ops.log) and downloaded attachments to the skill folder (or an explicit --out-dir). Those are normal for this purpose but mean the skill creates persistent local artifacts that should be managed (ignored in VCS, cleaned up as needed).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install agentmail-to-inbox-ops
  3. After installation, invoke the skill by name or use /agentmail-to-inbox-ops
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
- Renamed skill from agentmail-inbox-ops to agentmail-to-inbox-ops for consistency with Agentmail.to branding. - Added 13 new files including scripts for core inbox operations (e.g., list, read, reply, download/analyze attachments, set read state), test for security hardening, project setup, and API references. - Updated documentation to reflect the new skill name and command usage details. - Introduced a security audit workflow and clarified public repository safety rules. - Improved onboarding instructions and usage guardrails for inbox scripts.
v0.1.1
- Adds attachment download commands with sanitized filenames, HTTPS-only links, and configurable size limits. - Introduces safe attachment analysis (metadata only by default) and optional text extraction for PDFs/DOCX with guards on limits and timeouts. - Improves guardrails: emphasizes treating attachments as untrusted, recommends sandboxing for PDF/DOCX extraction, and clarifies when to enable text extraction. - Removes unused documentation and script files (README, pyproject, helper scripts). - Documentation updates for improved clarity and detailed command usage.
v0.1.0
Initial release of agentmail-inbox-ops: - Provides deterministic, script-driven management for AgentMail inbox operations. - Supports listing, reading, replying (with sender filters), downloading, and analyzing attachments, as well as setting read/unread state via Python scripts. - Adds safety features such as sender allowlists, dry-run for replies, and token-efficient defaults. - Includes clear onboarding, setup, and best practices to ensure safe and reliable usage. - Intended as the required and primary tool for all AgentMail inbox workflows.
Metadata
Slug agentmail-to-inbox-ops
Version 0.1.2
License
All-time Installs 0
Active Installs 0
Total Versions 3
Frequently Asked Questions

What is Agentmail.to Inbox Ops?

Manage Agentmail.to inbox operations with deterministic Python scripts: list/read messages, download and analyze attachments, reply with sender filters, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 467 downloads so far.

How do I install Agentmail.to Inbox Ops?

Run "/install agentmail-to-inbox-ops" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Agentmail.to Inbox Ops free?

Yes, Agentmail.to Inbox Ops is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Agentmail.to Inbox Ops support?

Agentmail.to Inbox Ops is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Agentmail.to Inbox Ops?

It is built and maintained by 4ur3l (@4ur3l); the current version is v0.1.2.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments