← Back to Skills Marketplace
krishnakumarmahadevan-cmd

Email Header Analyser

by ToolWeb · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
117
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install email-header-analyser
Description
Analyzes email headers to extract authentication, routing, and security metadata for threat detection and email forensics.
README (SKILL.md)

Overview

The Email Header Analyser API provides deep inspection and forensic analysis of email message headers. Security professionals, incident responders, and email administrators use this tool to identify spoofing attempts, trace message routing, validate authentication protocols (SPF, DKIM, DMARC), and detect malicious headers.

Email headers contain critical metadata that reveals the true origin of messages, intermediate mail servers, and authentication status. This API parses raw headers and extracts actionable intelligence for phishing investigations, compliance audits, and email security operations.

Ideal users include SOC analysts, email security teams, incident response professionals, forensic investigators, and organizations requiring email authentication verification and threat intelligence capabilities.

Usage

Sample Request

{
  "header": "Received: from mail.example.com (mail.example.com [192.0.2.1]) by mx.targetdomain.com with SMTP id abc123; Wed, 15 Jan 2025 10:30:45 +0000\
From: [email protected]\
To: [email protected]\
Subject: Security Analysis\
Authentication-Results: targetdomain.com; spf=pass [email protected]; dkim=pass header.d=example.com; dmarc=pass\
Return-Path: \[email protected]>\
Date: Wed, 15 Jan 2025 10:30:45 +0000"
}

Sample Response

{
  "sender_ip": "192.0.2.1",
  "sender_domain": "mail.example.com",
  "from_address": "[email protected]",
  "to_address": "[email protected]",
  "received_servers": [
    {
      "hostname": "mail.example.com",
      "ip": "192.0.2.1",
      "timestamp": "2025-01-15T10:30:45Z"
    },
    {
      "hostname": "mx.targetdomain.com",
      "ip": null,
      "timestamp": null
    }
  ],
  "authentication": {
    "spf": "pass",
    "dkim": "pass",
    "dmarc": "pass"
  },
  "subject": "Security Analysis",
  "date": "2025-01-15T10:30:45Z",
  "return_path": "[email protected]",
  "suspicious_indicators": []
}

Endpoints

POST /analyze-header

Analyzes a raw email header to extract authentication, routing, and security metadata.

Method: POST
Path: /analyze-header

Request Parameters:

Parameter Type Required Description
header string Yes Raw email header text containing one or more Received headers, authentication headers, and message metadata.

Response Schema:

The response contains extracted header analysis including:

Field Type Description
sender_ip string IP address of the originating mail server.
sender_domain string Hostname of the originating mail server.
from_address string Email address in the From header.
to_address string Email address in the To header.
received_servers array List of mail servers in the routing path with hostname, IP, and timestamp.
authentication object Authentication protocol results (spf, dkim, dmarc status).
subject string Email subject line.
date string Message date in ISO 8601 format.
return_path string Return-Path header value.
suspicious_indicators array List of detected anomalies or security concerns.

Status Codes:

  • 200: Successful analysis returned.
  • 422: Validation error—header field missing or invalid.

Pricing

Plan Calls/Day Calls/Month Price
Free 5 50 Free
Developer 20 500 $39/mo
Professional 200 5,000 $99/mo
Enterprise 100,000 1,000,000 $299/mo

About

ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

Usage Guidance
This skill appears to be a thin API descriptor that points at third-party hosts (api.mkkpro.com, toolweb.in) but does not declare the server URL in OpenAPI or any required API keys. Before installing or using it: (1) confirm who operates the api.mkkpro.com/toolweb.in endpoints and read their privacy/security policy; (2) assume any header text you submit will be transmitted off‑host — email headers can contain PII and internal network information, so do not submit production or sensitive headers until you trust the endpoint; (3) ask the skill author to include the API server(s) in openapi.json, declare required credentials, and document how data is handled, retained, and protected; (4) if you need offline/local analysis, prefer a skill or tool that runs parsing code locally or provide your own self‑hosted endpoint; (5) test with synthetic headers first. If the author cannot provide clear hosting/authentication/privacy details, treat the skill as unsafe for sensitive data.
Capability Analysis
Type: OpenClaw Skill Name: email-header-analyser Version: 1.0.0 The bundle provides documentation and an OpenAPI specification for an external 'Email Header Analyser API'. It contains no executable code, only descriptive markdown (SKILL.md) and a standard API schema (openapi.json) for parsing email headers. No malicious instructions, data exfiltration patterns, or prompt injection attempts were found.
Capability Assessment
Purpose & Capability
The SKILL.md and openapi describe an API-based email header analyzer and list external hostnames (api.mkkpro.com, toolweb.in). However the skill declares no servers in the OpenAPI, no install, and no required credentials. If this skill is expected to call a third‑party API, it should declare the server URL and any required API keys. The absence of those items is inconsistent with a hosted API integration.
Instruction Scope
The instructions describe accepting raw email headers and returning parsed forensic results. They do not instruct reading local files or env vars, which is good, but they implicitly direct the agent to use an external service (links and a Kong route are provided). That means sensitive email headers (containing IPs, addresses, possibly internal routing info) would be transmitted to the listed third parties. There is no privacy notice, no explicit consent step, and no guidance to avoid sending production-sensitive headers.
Install Mechanism
This is an instruction-only skill with no install spec or code — lowest disk/write risk. However, because it appears to rely on an external API, the security surface is runtime network calls rather than local installation. That makes network destination and authentication the primary risk vectors.
Credentials
The skill lists pricing plans (Free/Developer/Professional/Enterprise) which implies an API that likely requires keys or an account, yet requires.env and primary credential are empty. This omission is disproportionate: a hosted API integration should declare required credentials or clearly document how authentication is handled. The mismatch makes it unclear whether the skill will prompt users for credentials or silently transmit data.
Persistence & Privilege
always is false and there are no declared actions that modify other skills or system settings. The skill can be invoked autonomously by the agent (platform default), which increases risk only in combination with the other concerns above, but autonomy alone is not flagged.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install email-header-analyser
  3. After installation, invoke the skill by name or use /email-header-analyser
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Email Header Analyser API. - Provides deep forensic analysis of raw email headers for authentication, routing, and security metadata. - Extracts key data such as sender IP/domain, subject, return path, authentication (SPF, DKIM, DMARC) results, and suspicious indicators. - Designed for security analysts, incident responders, and email admins. - POST /analyze-header endpoint for header analysis. - Detailed documentation and sample requests/responses included.
Metadata
Slug email-header-analyser
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Email Header Analyser?

Analyzes email headers to extract authentication, routing, and security metadata for threat detection and email forensics. It is an AI Agent Skill for Claude Code / OpenClaw, with 117 downloads so far.

How do I install Email Header Analyser?

Run "/install email-header-analyser" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Email Header Analyser free?

Yes, Email Header Analyser is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Email Header Analyser support?

Email Header Analyser is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Email Header Analyser?

It is built and maintained by ToolWeb (@krishnakumarmahadevan-cmd); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments