← Back to Skills Marketplace
fatihbtw

Email Registration Scanner

by fatihbtw · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
102
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install email-registration-scanner
Description
Scans email accounts (Gmail, iCloud, Outlook, Yahoo, AOL, GMX, Web.de, Fastmail, Proton, T-Online and more) for registration, welcome and confirmation emails...
README (SKILL.md)

Registration Scanner

Scans one or more email accounts for registration-related emails and returns a deduplicated, date-sorted list of every service the user has ever signed up for.

Supported Providers

Provider Access Method
Gmail Gmail tool / MCP connector
iCloud Mail IMAP – imap.mail.me.com:993
Outlook / Hotmail / Live IMAP – outlook.office365.com:993
Yahoo Mail IMAP – imap.mail.yahoo.com:993
AOL Mail IMAP – imap.aol.com:993
GMX IMAP – imap.gmx.net:993
Web.de IMAP – imap.web.de:993
T-Online IMAP – secureimap.t-online.de:993
Fastmail IMAP – imap.fastmail.com:993
Proton Mail IMAP Bridge – 127.0.0.1:1143 (Bridge required)

Full provider details and IMAP setup guides → {baseDir}/references/providers.md

Step 1 – Identify Accounts

Ask the user which email accounts to scan before doing anything else:

"Which email accounts should I scan? (e.g. Gmail, iCloud, Outlook, Yahoo, AOL, GMX, Web.de, T-Online, Fastmail, Proton – or all of them?)"

Wait for the answer. Do not proceed until the user has confirmed.

Step 2 – Collect Credentials

Gmail

Use the Gmail tool or Gmail MCP connector if already configured.
If not configured, tell the user:

"Please connect your Gmail account first via openclaw configure or by enabling the Gmail MCP connector."

IMAP Providers (iCloud, Outlook, Yahoo, AOL, GMX, Web.de, T-Online, Fastmail)

Explain to the user:

"For [provider] I need your email address and an app-specific password (not your regular login password). You can generate one in your account's security settings. I will use it only for this session and never store it in plain text."

Refer to provider-specific instructions for generating app passwords → {baseDir}/references/providers.md

Proton Mail

Proton Mail requires the Proton Mail Bridge to be running locally.

"For Proton Mail, please make sure the Proton Mail Bridge is running. I will connect to it locally at 127.0.0.1:1143."

Step 3 – Run the Scan

Gmail

Use the Gmail tool to search with these queries in sequence. Collect all matching message IDs.

Search queries across all languages → {baseDir}/references/search-queries.md

IMAP Accounts

Use the Python script at {baseDir}/scripts/imap_scan.py to connect and search:

python3 "{baseDir}/scripts/imap_scan.py" \
  --host "imap.mail.me.com" \
  --port 993 \
  --user "[email protected]" \
  --password "app-specific-password" \
  --output "/tmp/registration_scan_results.json"

The script runs all search query batches automatically and returns a JSON list of matches.

Run this for each IMAP account separately, saving results to different temp files.

Step 4 – Parse and Deduplicate Results

For every matched email:

  1. Extract: From, Date, Subject
  2. Derive the service name from the sender domain or subject line
    Example: [email protected]Spotify, [email protected]Notion
  3. Deduplicate by service: keep only the oldest entry per service (= original registration)
  4. Skip: transactional emails (password resets, receipts), pure newsletters with no registration context, internal/personal senders

Step 5 – Output

Present the final list sorted newest first. Use this format:

📋 REGISTERED SERVICES – [Account Name]
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
Found: XX services  |  Range: YYYY – YYYY

YYYY-MM-DD   Service Name
             From: [email protected]

YYYY-MM-DD   Service Name
             From: [email protected]
...
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

If multiple accounts were scanned, merge all results into one unified list sorted by date.

After showing the list, ask:

"Should I save this as a file? Or filter by a specific service or date range?"

Error Handling

  • IMAP auth failure: Ask the user to re-check their app password. Refer to {baseDir}/references/providers.md for setup steps.
  • IMAP not enabled: iCloud, Yahoo, Outlook may require IMAP to be turned on in account settings. Provider guide → {baseDir}/references/providers.md
  • Proton Bridge not running: Instruct the user to start the Proton Mail Bridge app first.
  • Rate limiting: Pause 1–2 seconds between search batches to avoid being throttled.
  • Large mailbox: Inform the user of progress. Large inboxes (100k+ emails) may take several minutes.

Privacy & Security Rules

  • Never display passwords, app keys, or credentials in output or logs.
  • Use OpenClaw's Secret Store for credentials whenever possible.
  • Delete temp files (/tmp/registration_scan_*.json) after the session ends.
  • Do not send any email content to external services.
Usage Guidance
This skill appears to do what it claims (scan email headers for registration/welcome messages), but before installing or running it, be aware of these practical risks and mitigations: - Do not pass passwords on the command line. The example runs python3 imap_scan.py --password "..." which exposes the secret to other local users (ps) and shell history. Prefer using the agent's Secret Store, an interactive prompt, or an in-memory mechanism that doesn't show passwords in process arguments. - The SKILL.md says temp files will be deleted, but the helper script writes a JSON file and does not delete it. If you run this, point output to a secure location you control, and securely delete the file when done (or modify the script to delete it after use). - Proton Mail requires the Bridge running locally; confirm you trust the Bridge instance and local environment before exposing bridge credentials. - Consider using Gmail connector/MCP rather than raw app passwords where available, since MCP may provide a safer auth flow. - Review and, if appropriate, revoke any app-specific passwords after the scan completes. If you want to proceed, either (1) request the author to fix the CLI example to use the Secret Store / prompt-based input and to implement secure deletion of temp files, or (2) run the included script locally with careful handling of secrets (stdin/prompt or environment variable not exposed to other users) and explicit secure cleanup of output files.
Capability Analysis
Type: OpenClaw Skill Name: email-registration-scanner Version: 1.0.0 The skill scans email headers via IMAP to identify registered services. While it implements privacy-preserving measures (fetching only headers, using PEEK to avoid marking emails as read, and providing guides for app-specific passwords), it requires the user to provide sensitive email credentials which are then passed as command-line arguments to a Python script (`scripts/imap_scan.py`). This practice exposes credentials in system process lists, representing a security vulnerability. Per the provided criteria, the use of high-risk capabilities (network access and email data retrieval) for its stated purpose warrants a suspicious classification.
Capability Assessment
Purpose & Capability
Name/description match the included files: SKILL.md, provider guides, search queries, and a Python IMAP helper implement the advertised registration-email scan across the listed providers. Requested inputs (app-specific passwords, Proton Bridge for Proton Mail, Gmail connector) are appropriate for the stated task.
Instruction Scope
SKILL.md says to use the Secret Store and never log passwords, but the provided example command passes the IMAP password on the command line (visible to other local users and shell history). The Python script writes results to a user-specified file in /tmp but does not itself delete temp files; SKILL.md promises deletion after the session — this is a mismatch. The runtime instructions otherwise stay within the stated scanning scope and do not reference unrelated files or remote endpoints.
Install Mechanism
Instruction-only skill plus a small stdlib-only Python script. There is no installer, no downloads, and no third-party packages; risk from installation mechanism is low.
Credentials
The skill requests user credentials (app-specific passwords or Gmail connector) which are necessary for IMAP access and are proportionate to the task. However, the documentation's claim to use the Secret Store contrasts with the example that passes passwords as CLI args, which is insecure and inconsistent with the 'never store or log credentials' promise.
Persistence & Privilege
Skill is user-invocable, not 'always'. Model invocation is allowed (default), which is normal. The skill does not request system-wide config changes or other skills' credentials.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install email-registration-scanner
  3. After installation, invoke the skill by name or use /email-registration-scanner
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release
Metadata
Slug email-registration-scanner
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Email Registration Scanner?

Scans email accounts (Gmail, iCloud, Outlook, Yahoo, AOL, GMX, Web.de, Fastmail, Proton, T-Online and more) for registration, welcome and confirmation emails... It is an AI Agent Skill for Claude Code / OpenClaw, with 102 downloads so far.

How do I install Email Registration Scanner?

Run "/install email-registration-scanner" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Email Registration Scanner free?

Yes, Email Registration Scanner is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Email Registration Scanner support?

Email Registration Scanner is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Email Registration Scanner?

It is built and maintained by fatihbtw (@fatihbtw); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463368 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259467 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200457 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191163 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190189 · by oswalpalash

💬 Comments