← Back to Skills Marketplace
coorops25

gmailcleanerfall

by Coorops25 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
454
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install gmailcleanerv2
Description
Read/search Gmail via gog CLI (preferred) or Python scripts (fallback). Inbox check, email search, content retrieval, IMAP support.
README (SKILL.md)

email-reader

Cuándo usar

Usuario pide revisar inbox, buscar correos, leer mensajes, listar carpetas, o ver emails recientes.

Backend A — gog CLI (preferido)

Setup (una vez)

brew install steipete/tap/gogcli
gog auth credentials /ruta/credentials.json
gog auth add $GOG_ACCOUNT --services gmail

Comandos

# No leídos (acción por defecto)
gog gmail search 'in:inbox is:unread' --max 5 --format minimal --json --no-input

# Búsqueda por criterio
gog gmail search '\x3Cquery>' --max 10 --format minimal --json --no-input

# Correo completo
gog gmail get \x3CID> --format full --json --no-input

# Hilo completo
gog gmail thread \x3CTHREAD_ID> --format minimal --json --no-input

Queries útiles

# Carpetas sistema
'in:inbox newer_than:1d'   'in:spam newer_than:30d'
'in:sent newer_than:7d'    'is:starred'

# Etiquetas personalizadas
'label:Clientes'  'label:Facturas newer_than:90d'

# Filtros
'from:[email protected] is:unread'
'subject:propuesta newer_than:7d'
'has:attachment in:inbox newer_than:7d'

Operadores Gmail

from: to: subject: label: is:unread is:starred has:attachment newer_than:Nd older_than:Nd in:inbox in:sent after:YYYY/MM/DD

Backend B — Python (fallback)

Setup (una vez)

pip install google-api-python-client google-auth-oauthlib beautifulsoup4 cryptography
python3 scripts/auth.py   # OAuth → genera token.json cifrado

Comandos

python3 scripts/fetch_emails.py --label INBOX --max 50
python3 scripts/fetch_emails.py --label INBOX --unread-only --max 20
python3 scripts/fetch_emails.py --label INBOX --since 2026-01-01
python3 scripts/fetch_emails.py --label INBOX --from [email protected]
python3 scripts/fetch_emails.py --label SPAM  --max 100
python3 scripts/fetch_emails.py --label Clientes --max 30
python3 scripts/list_folders.py                     # listar etiquetas
python3 scripts/fetch_thread.py --thread-id \x3CID>   # hilo completo
python3 scripts/imap_fetch.py --host imap.outlook.com --folder INBOX  # no-Gmail

Flujo

  1. Detectar backend: command -v gog &>/dev/null && BACKEND=gog || BACKEND=python
  2. Construir query desde intent del usuario — preguntar si ambiguo
  3. Ejecutar con --max N conservador (default 5-10)
  4. Parsear JSON → presentar: remitente, asunto, fecha, preview + ID
  5. Ofrecer: leer completo, refinar búsqueda, actuar

Reglas

  • SIEMPRE --json + --no-input; nunca mostrar JSON crudo
  • Default --max 5; subir solo si usuario pide más
  • Preservar IDs para acciones posteriores
  • Sin resultados → sugerir query más amplio
  • Solo lectura; enviar/responder → email-responder

Errores

  • gog missing → brew install steipete/tap/gogcli
  • GOG_ACCOUNT unset → pedir Gmail al usuario
  • Token expired → gog auth add \x3Cemail> / python3 scripts/auth.py
Usage Guidance
What to consider before installing: - Metadata mismatch: The registry metadata for required env vars appears malformed; ask the publisher for corrected/complete required env variable names and a clear list of permissions the skill needs. - Broad capabilities: Although the top-level description says 'read/search Gmail', the package contains organizer/responder/scheduler scripts that can move/delete messages, create/send drafts, and schedule cron/heartbeat jobs. Only install if you accept those actions and understand they can modify your mailbox. - Credentials & files: The Python code performs OAuth and writes encrypted token files (token.json, token.key) to disk. Confirm where these files will be stored and whether you accept that location and file permissions. Ensure you use a dedicated account or sandbox if you are unsure. - Third-party install risk: The gog CLI is installed from steipete/tap via Homebrew — inspect that tap/formula source before installing to ensure it's trustworthy. The Python fallback uses packages including anthropic; the analyzer/responder require an ANTHROPIC_API_KEY if used. - Automation & confirmations: Some CLI examples use --no-input and batch xargs pipelines. Even though many scripts demand explicit confirmations, examples show how to run destructive batch ops non-interactively. If you enable scheduling, double-check cron/heartbeat entries and keep audit logs enabled. Recommended next actions: - Request corrected registry metadata and a clear manifest of required env vars (GOG_ACCOUNT, GMAIL_CREDENTIALS_PATH, GMAIL_TOKEN_PATH/GMAIL_KEY_PATH, ANTHROPIC_API_KEY, IMAP_USER/IMAP_PASSWORD if used). - Inspect the Homebrew formula source (steipete/tap/gogcli) before installing. - If possible, test on a throwaway Gmail account first and avoid enabling scheduler/cron until you validate behavior. - If you only need read/search, prefer using the gog CLI backend interactively and avoid installing or running the Python fallback and scheduler components. - If you are not comfortable with the above inconsistencies or with granting send/modify/scheduling capabilities, do not install. If you want, I can: (a) list exactly which env vars and files the code reads/writes, (b) show the Homebrew formula URL to inspect, or (c) produce a minimal 'read-only' variant by removing scheduling/responder/organizer scripts.
Capability Analysis
Type: OpenClaw Skill Name: gmailcleanerv2 Version: 1.0.0 The skill bundle is designed for comprehensive email management, including reading, organizing, analyzing, and responding. It uses broad Gmail API scopes (read, modify, compose) and executes shell commands via `gog` CLI, often piped with `jq` and `xargs`. While these capabilities are necessary for its stated purpose, the broad API permissions and the use of `xargs` (even with controlled input like `.[].id`) present a vulnerability risk if the agent or its input were compromised. The `scheduler.py` script also includes an `--auto` flag that bypasses user confirmations for actions, which is a risky capability for automation. However, the `SKILL.md` files for `email-organizer` and `email-responder` explicitly instruct the agent to seek user confirmation for destructive or sending actions, and `email-analyzer/SKILL.md` even includes instructions for the agent to detect prompt injection patterns within emails. There is no clear evidence of intentional malicious behavior like unauthorized data exfiltration or hidden backdoors. The risks identified are primarily vulnerabilities that *could* be exploited, rather than proof of malicious intent, leading to a 'suspicious' classification.
Capability Assessment
Purpose & Capability
The registry name/description and the top SKILL.md describe an email reader, but the bundle includes organizer, responder, scheduler, analyzer, reporter, and their Python scripts that perform destructive actions (trash/delete), create/send drafts, manage labels, and modify cron/heartbeat. Having those management/send/scheduling features is disproportionate if the published skill is intended only for reading/searching.
Instruction Scope
Runtime instructions tell the agent to run gog commands and Python scripts which is expected, but other SKILL.md files instruct editing ~/.openclaw/openclaw.json, adding cron/heartbeat entries, and running batch operations (jq|xargs) with --no-input. Those steps extend scope from 'read' to persistent automation and mailbox modifications; some example flows include irreversible deletes and automated scheduled actions.
Install Mechanism
Install uses a third-party Homebrew tap (steipete/tap/gogcli) to install 'gog' — not a built-in core formula. Python fallback instructions advise pip installing multiple packages (google-api-python-client, cryptography, anthropic, etc.). No arbitrary downloads/extract-from-unknown-URL were found, but the third-party brew tap raises moderate trust risk and should be inspected before installing.
Credentials
Registry metadata shows malformed env entries ("[object Object]") while SKILL.md and code reference multiple environment variables: GOG_ACCOUNT, GMAIL_CREDENTIALS_PATH, (and in code) GMAIL_TOKEN_PATH, GMAIL_KEY_PATH, ANTHROPIC_API_KEY, IMAP_USER/IMAP_PASSWORD, and others. Scripts require OAuth credentials and an encryption key file (token.key) and may create token files on disk. The declared env vars do not fully account for what the code actually uses, which is disproportionate and risky.
Persistence & Privilege
The skill is not always:true, but includes instructions and scripts to add cron/heartbeat entries and run continuous schedulers; combined with send/modify/delete capabilities this gives a path to persistent automated mailbox operations if the user enables scheduling. The code logs actions to an audit file under the workspace, but the presence of scheduling and send/delete capabilities increases the potential blast radius.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install gmailcleanerv2
  3. After installation, invoke the skill by name or use /gmailcleanerv2
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release for Gmail email reader skill: - Enables read-only access to Gmail inbox and labels via gog CLI (preferred) or Python scripts (fallback). - Supports searching, reading, and previewing emails; includes IMAP support. - Provides setup and usage instructions for both backends. - Returns results in JSON format, presenting sender, subject, date, and preview. - Includes error handling for missing dependencies, credentials, and expired tokens. - Conservatively returns a limited number of emails by default, with options to refine or expand queries.
Metadata
Slug gmailcleanerv2
Version 1.0.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is gmailcleanerfall?

Read/search Gmail via gog CLI (preferred) or Python scripts (fallback). Inbox check, email search, content retrieval, IMAP support. It is an AI Agent Skill for Claude Code / OpenClaw, with 454 downloads so far.

How do I install gmailcleanerfall?

Run "/install gmailcleanerv2" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is gmailcleanerfall free?

Yes, gmailcleanerfall is completely free (open-source). You can download, install and use it at no cost.

Which platforms does gmailcleanerfall support?

gmailcleanerfall is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created gmailcleanerfall?

It is built and maintained by Coorops25 (@coorops25); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments