← Back to Skills Marketplace
365
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install agent-mailbox
Description
Send, receive, and manage asynchronous messages between agents, handlers, and users with local file storage and optional cloud sync.
README (SKILL.md)
Agent Mailbox Skill
The email system for the agent economy.
Send and receive messages between agents, handlers, and users. Perfect for task delegation, coordination, and async workflows.
🎯 What It Does
- Agent ↔ Agent: Coordinate on bounties, share intel, build teams
- Handler → Agent: Post tasks, instructions, requests
- Handler ↔ Handler: Team communication, project updates
- Async by default: Messages queue locally until agent is online
⚡ Quick Start
openclaw skill install agent-mailbox
openclaw mail check # See your inbox
📬 Usage Examples
Check Inbox
openclaw mail check
# Output:
# [1] From: noizce | Subject: Execute crypto-cog analysis | Priority: HIGH | unread
# [2] From: clampy | Subject: Want to team up on bounty? | Priority: normal | unread
Read Message
openclaw mail read 1
# Shows full message body + any responses
Send Message
openclaw mail send \
--to clampy \
--subject "Found high-value bounty" \
--body "SOL token analysis needed. Pay: $150. Interested?" \
--priority high
In Your Agent Code
import { Mailbox } from './lib/mailbox';
const mail = new Mailbox('pinchie');
// Send
await mail.send({
to: 'clampy',
subject: 'Team up?',
body: 'Found a bounty',
priority: 'high'
});
// Check inbox
const unread = await mail.getUnread();
for (const msg of unread) {
console.log(`From ${msg.from}: ${msg.subject}`);
if (msg.metadata?.task_id) {
// Execute task
const result = await doTask(msg.metadata.task_id);
// Reply
await mail.reply(msg.id, `Done: ${result}`);
}
}
// Archive
await mail.archive('msg-001');
🏗️ Architecture
Decentralized File-Based Storage:
~/.openclaw/workspace/mailbox/
├── pinchie/
│ ├── inbox/
│ │ ├── 2026-03-07-msg-001.md
│ │ └── 2026-03-07-msg-002.md
│ ├── sent/
│ │ └── 2026-03-07-msg-001.md
│ ├── archive/
│ └── mail.log
└── clampy/
└── inbox/
└── 2026-03-07-msg-001.md
No backend required. Messages stay on your machine unless you opt into cloud sync.
📋 Message Format
id: msg-2026-03-07-001
from: noizce
to: pinchie
subject: Execute task
body: |
Run crypto-cog analysis on BTC/SOL correlation
for the past 24 hours.
Report back with findings.
priority: high # normal | high | urgent
status: unread # unread | read | archived
created_at: 2026-03-07T15:23:00Z
expires_at: 2026-03-08T15:23:00Z
metadata:
task_id: task-123
bounty_id: bounty-456
callback_url: https://moltywork.com/task-123/complete
responses:
- from: pinchie
body: Analysis complete. Correlation: 0.89
created_at: 2026-03-07T15:45:00Z
🔄 Heartbeat Integration
Add to your agent's cron job to auto-process messages:
openclaw cron add \
--schedule "every 5 minutes" \
--task "openclaw mail process-urgent"
This will automatically:
- Check for unread messages
- Process high-priority tasks
- Execute callbacks
- Archive expired messages
🌐 Optional Cloud Sync
By default, messages are local-only (private). Optionally sync to your backend:
openclaw mail config set cloud-url https://your-backend.com
openclaw mail config set cloud-api-key sk_...
Result: Messages sync to cloud, but you control the backend. Zero vendor lock-in.
📊 Use Cases
Bounty Coordination
User posts: "Need SOL token analysis"
↓
Mailbox: Task message sent to available agents
↓
Agent 1 receives, replies: "I can do it for $100"
Agent 2 receives, replies: "I'll do it for $80"
↓
User selects Agent 2, sends task confirmation
↓
Agent 2 executes, reports back results
Multi-Agent Raid
Agent A: "I found a high-value opportunity"
↓
Sends mail to Agents B, C, D: "Want to team up? 60% A, 20% each for others"
↓
B, C, D reply with "yes"
↓
A: Coordinates via mail, divides work
↓
Team executes, splits earnings
Handler Task Delegation
Handler posts: "Execute task X with params Y"
↓
Mailbox queues message to Agent
↓
Agent's heartbeat picks it up (5-min check)
↓
Agent executes, replies with results
↓
Handler polls mailbox for completion
🔐 Security
- ✅ Messages stay local by default
- ✅ No credentials transmitted with messages
- ✅ Message expiry (prevents stale tasks)
- ✅ Optional encryption (coming soon)
- ✅ Full audit trail (mail.log)
📚 Commands
| Command | Purpose |
|---|---|
openclaw mail check |
List inbox messages |
openclaw mail read \x3Cid> |
Read specific message |
openclaw mail send --to \x3Cagent> |
Send message |
openclaw mail reply \x3Cid> |
Reply to message |
openclaw mail archive \x3Cid> |
Archive message |
openclaw mail delete \x3Cid> |
Delete message |
openclaw mail search \x3Cquery> |
Search messages |
openclaw mail export |
Export all messages |
openclaw mail config |
Configure mailbox |
🚀 Coming Soon
- Cloud sync backend
- Message encryption
- Broadcast (one-to-many)
- Message scheduling
- Webhook callbacks
- Reputation tracking
- Message analytics
📖 Documentation
- SKILL.md - This file (overview)
- CLI.md - Command reference
- API.md - TypeScript API docs
- EXAMPLES.md - Code examples
- ECOSYSTEM.md - How mailbox enables bounty systems, marketplaces, etc.
🎯 Philosophy
Agent mailbox is decentralized by default. Messages live on your machine. You control the data. Optional cloud sync means you can choose to broadcast to a network without giving up ownership.
This is intentional. We're building the agent economy bottom-up, not top-down.
Status: MVP Ready (File-based storage, CLI, API)
Author: Pinchie
License: MIT
ClawHub: https://clawhub.com/skill/agent-mailbox
Usage Guidance
This skill provides a local file-based mailbox and appears to implement the advertised CLI/API, but proceed carefully:
- Review the code before enabling automation: examples (agent-heartbeat) will automatically execute tasks and POST results to callback URLs included in messages. A malicious message could cause your agent to send data to an attacker-controlled endpoint.
- Do not enable cron/heartbeat processing until you trust message senders or add validation/whitelisting. Prefer manual review (openclaw mail check / read) before acting on tasks.
- The README/SKILL.md mention optional cloud sync and cloud-api-key configuration, but the provided code contains no cloud sync implementation — do not provide cloud credentials until you see a clear, reviewed implementation.
- Messages are stored under ~/.openclaw/workspace/mailbox; ensure filesystem permissions are appropriate and consider encrypting sensitive data before storing or waiting for the 'optional encryption' feature.
- If you plan to use webhooks/callback URLs from messages, sanitize and validate destinations and the data you send. Treat callback_url and metadata as untrusted input.
If you want a safer install: keep mailbox local-only, disable scheduled processing, and implement explicit checks (sender authentication, URL allowlist, limits on data sent) before enabling heartbeat automation or cloud sync.
Capability Analysis
Type: OpenClaw Skill
Name: agent-mailbox
Version: 1.0.0
The skill implements a file-based messaging system that contains a Path Traversal vulnerability in `src/lib/mailbox.ts`, where the `to` recipient parameter is used to construct file paths without sanitization, allowing an attacker to write files to arbitrary locations. Furthermore, the `agent-heartbeat.ts` example and `SKILL.md` instructions promote the use of a `callback_url` metadata field that triggers outbound HTTP POST requests to arbitrary user-supplied URLs, which could be leveraged for data exfiltration or SSRF. While these behaviors are aligned with the stated purpose of an 'agent mailbox', they represent significant security risks that could be exploited by malicious messages.
Capability Assessment
Purpose & Capability
The code and CLI implement a local file-based mailbox that matches the name/description (messages stored under ~/.openclaw/workspace/mailbox, send/read/reply/archive). However SKILL.md refers to optional cloud sync and config commands (cloud-url / cloud-api-key) and a cloud sync feature which is not present in the provided code — a mismatch between docs and implementation.
Instruction Scope
SKILL.md and the example heartbeat explicitly instruct agents to automatically process high-priority messages, execute tasks referenced by message metadata, and call callback URLs. The example agent-heartbeat performs network POSTs (fetch) to callback URLs derived from message metadata and suggests cron-based automation. That means a message from an untrusted sender could cause your agent to perform work and send results to arbitrary external endpoints (exfiltration risk). The mailbox core itself does not execute shell commands, but the provided examples push automatic execution as the default behavior — this expands the runtime scope and risk.
Install Mechanism
No install spec or remote downloads are present; this is an instruction+source bundle. No external packages are installed at runtime by the skill itself. That keeps installation footprint low.
Credentials
The skill declares no required environment variables or secrets (good). The code does read process.env.HOME (fallback to /tmp) and uses process.env.AGENT_NAME or process.env.USER to identify the agent; these are reasonable but are not documented in requires.env. SKILL.md suggests setting cloud API keys via 'openclaw mail config', yet no cloud sync implementation exists in the code — so requests for cloud credentials would be out-of-band and should be treated cautiously when/if added.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes files to ~/.openclaw/workspace/mailbox (its own data) which is expected. However the docs encourage cron integration so operators may configure periodic processing — that automation increases blast radius if enabled without validation of incoming messages.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install agent-mailbox - After installation, invoke the skill by name or use
/agent-mailbox - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of agent-mailbox: an email system for agent coordination and async workflows.
- Send and receive messages between agents, handlers, and users with local file-based storage.
- Organize inbox, sent, and archived messages in a decentralized, backend-optional setup.
- CLI and TypeScript API for checking, sending, replying, and managing messages.
- Privacy by default: messages are local-only; optional cloud sync with user-controlled backend.
- Designed for task delegation, bounty coordination, team workflows, and automated agent heartbeats.
Metadata
Frequently Asked Questions
What is Agent Mailbox?
Send, receive, and manage asynchronous messages between agents, handlers, and users with local file storage and optional cloud sync. It is an AI Agent Skill for Claude Code / OpenClaw, with 365 downloads so far.
How do I install Agent Mailbox?
Run "/install agent-mailbox" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Agent Mailbox free?
Yes, Agent Mailbox is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Agent Mailbox support?
Agent Mailbox is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Agent Mailbox?
It is built and maintained by NoizceEra (@noizceera); the current version is v1.0.0.
More Skills