← Back to Skills Marketplace
etopro

Email OTP

by etopro · GitHub ↗ · v1.0.0
cross-platform ✓ Security Clean
307
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install email-otp
Description
Create temporary email addresses and monitor for registration OTP codes or validation links
README (SKILL.md)

Email OTP Skill

A skill for creating temporary email addresses and automatically extracting OTP codes and validation links from incoming emails. Uses the free mail.tm API (no API key required).

When to Use This Skill

Invoke this skill when the user asks to:

  • Create a temporary email address
  • Get a disposable email for signup/verification
  • Check for OTP (one-time password) codes
  • Wait for email verification links
  • Monitor an inbox for authentication codes

Quick Start

# Create a new temporary email
python3 scripts/tempmail_otp.py create

# Monitor for OTP codes (5 minute timeout)
python3 scripts/tempmail_otp.py check

# List current account and messages
python3 scripts/tempmail_otp.py list

Commands

Create Account

python3 scripts/tempmail_otp.py create [OPTIONS]

Options:

  • -e, --email ADDRESS - Custom full email address
  • -d, --domain DOMAIN - Specific domain to use
  • -p, --password PASSWORD - Account password (auto-generated if not specified)
  • --json - Output as JSON

Example:

python3 scripts/tempmail_otp.py create --domain "marcilzo.com"

Check for OTP/Links

python3 scripts/tempmail_otp.py check [OPTIONS]

Options:

  • --timeout SECONDS - Max seconds to wait (default: 300)
  • --poll SECONDS - Poll interval in seconds (default: 3)
  • --sender EMAIL - Only accept emails from this sender
  • --subject TEXT - Only accept emails with this in subject
  • --pattern REGEX - Custom regex pattern for OTP extraction
  • --once - Exit after first OTP found
  • --json - Output messages as JSON

Examples:

# Wait up to 2 minutes for OTP
python3 scripts/tempmail_otp.py check --timeout 120

# Only accept emails from [email protected]
python3 scripts/tempmail_otp.py check --sender "[email protected]"

# Exit immediately after finding OTP
python3 scripts/tempmail_otp.py check --once

List Account and Messages

python3 scripts/tempmail_otp.py list

Shows the current account details and all messages in the inbox with extracted links.

List Available Domains

python3 scripts/tempmail_otp.py domains [--json]

Output Files

When an OTP or link is found, the script automatically saves them to the unified state directory:

  • ~/.tempmail_otp/last_otp - Contains the last extracted OTP code
  • ~/.tempmail_otp/last_link - Contains the first interesting validation link found
  • ~/.tempmail_otp/account.json - Account credentials (JWT token, email, password)

All state files are stored in ~/.tempmail_otp/ with restricted permissions (0600).

OTP Detection Patterns

The script automatically detects OTP codes using these patterns:

  • 6-8 digit numbers (most common)
  • 4 digit numbers
  • "code: XXXXXX" format
  • "verification: XXXXXX" format
  • "otp: XXXXXX" format

Link Extraction

The script extracts all HTTP/HTTPS links from email HTML, filtering out:

  • Unsubscribe links
  • Tracking links
  • Image files (.png, .jpg, .gif)

State Management

All state is stored in a unified directory: ~/.tempmail_otp/

  • account.json - Account credentials and JWT token (created by create command)
  • last_otp - Most recent OTP code extracted (created by check command)
  • last_link - First validation link extracted (created by check command)

Files have restricted permissions (0600) for security. The check and list commands automatically use stored credentials.

Design Rationale

The unified state directory follows best practices for CLI tools:

  1. No project pollution - No temporary files are created in your working directory
  2. Predictable location - All state is in one place, easy to find and clean up
  3. Cross-session persistence - Works from any directory on your system
  4. Permission safety - Sensitive credentials have proper file permissions

To reset all state: rm -rf ~/.tempmail_otp/

Typical Workflow

  1. Create account - Generate a new temporary email address
  2. Use email - Provide the email during service signup
  3. Monitor inbox - Run the check command to wait for OTP/link
  4. Extract code - OTP is automatically displayed and saved to ~/.tempmail_otp/last_otp
  5. Verify - Use the OTP or link to complete verification

Example Session

# Create a temp email
$ python3 scripts/tempmail_otp.py create
Email: [email protected]
Password: f8e4d2a1-1234-5678-9abc-123456789abc
Domain: marcilzo.com

Account saved to /home/user/.tempmail_otp/account.json

# In another terminal, wait for OTP
$ python3 scripts/tempmail_otp.py check --once
Monitoring: [email protected]
Timeout: 300s | Poll interval: 3s
--------------------------------------------------

📧 New email from: [email protected]
   Subject: Your verification code

✅ OTP FOUND: 842197
OTP saved to /home/user/.tempmail_otp/last_otp
--------------------------------------------------

Error Handling

  • If email address is already taken, the script automatically retries with a new username
  • Network errors are logged and the script continues polling
  • Invalid account state prompts to recreate the account

API

This skill uses the mail.tm REST API:

  • Base URL: https://api.mail.tm
  • Authentication: JWT Bearer token
  • No API key required

Notes

  • Temporary emails may expire after inactivity periods
  • Some services may block temporary email domains
  • The script automatically handles account creation and JWT token management
  • OTP patterns cover most common formats, but custom regex can be provided via --pattern
Usage Guidance
This skill appears internally consistent with its purpose, but review and consider the following before installing: 1) it creates accounts on a third‑party service (mail.tm) and will send/receive network traffic — confirm you are comfortable with that service's privacy/ToS; 2) it stores account credentials and extracted OTPs/links in ~/.tempmail_otp/ (account.json, last_otp, last_link) — remove that directory to erase state; 3) if you allow the agent to invoke skills autonomously, it could create and poll temporary inboxes without interactive confirmation; 4) if you want extra assurance, inspect the included script (scripts/tempmail_otp.py) yourself or run it in a restricted/sandboxed environment. If any of those concerns are unacceptable, do not enable the skill.
Capability Analysis
Type: OpenClaw Skill Name: email-otp Version: 1.0.0 The OpenClaw skill 'email-otp' is designed to create temporary email addresses and extract OTPs/links using the mail.tm API. The code (scripts/tempmail_otp.py) and documentation (SKILL.md, README.md) are transparent, well-structured, and align with the stated purpose. It securely stores account credentials and extracted data in `~/.tempmail_otp/` with restricted permissions (0600). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the AI agent. While the `--pattern` option for custom regex could theoretically be abused for ReDoS, this is a vulnerability of a feature, not an indicator of malicious intent by the skill author.
Capability Assessment
Purpose & Capability
The name/description (temporary email + OTP extraction) matches the included code and runtime instructions. The script talks only to the mail.tm API and manages local state; there are no unrelated credentials, binaries, or system subsystems requested.
Instruction Scope
The SKILL.md and the Python script instruct the agent (or user) to create accounts on mail.tm, poll messages, extract OTPs/links, and save results. That scope is appropriate for the stated purpose. Note: the tool stores account credentials (JWT token, email, password) and extracted OTP/links under ~/.tempmail_otp/ and will perform repeated network calls to mail.tm while monitoring — both are expected but worth awareness.
Install Mechanism
No install spec is provided (instruction-only with a bundled script). That is low-risk: nothing is downloaded or written during an install step beyond the included files. The script uses only Python standard library modules.
Credentials
The skill requests no environment variables or external credentials. It does create and persist a JWT token and account credentials obtained from mail.tm, which is proportional to the stated functionality.
Persistence & Privilege
always is false and the skill does not modify other skills or system-wide settings. Autonomous invocation (default platform behavior) would allow the agent to run these actions on its own; while normal for skills, be aware an autonomous agent could create accounts and poll mail.tm without further prompts.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install email-otp
  3. After installation, invoke the skill by name or use /email-otp
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of email-otp skill. - Create temporary email addresses using the mail.tm API (no API key needed). - Automatically extract OTP codes and validation links from incoming emails. - Command-line interface to create accounts, monitor inboxes, filter/send OTPs, and list available domains. - Stores all state and credentials securely in `~/.tempmail_otp/`. - Saves most recent OTP and verification link to dedicated files for easy retrieval. - Includes flexible filtering (sender, subject, custom regex) and robust error handling.
Metadata
Slug email-otp
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Email OTP?

Create temporary email addresses and monitor for registration OTP codes or validation links. It is an AI Agent Skill for Claude Code / OpenClaw, with 307 downloads so far.

How do I install Email OTP?

Run "/install email-otp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Email OTP free?

Yes, Email OTP is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Email OTP support?

Email OTP is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Email OTP?

It is built and maintained by etopro (@etopro); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 Comments