← Back to Skills Marketplace
332
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install delivery-notifier
Description
Fetches delivery emails from Gmail, extracts tracking info from selected couriers, filters marketing messages, and sends WhatsApp alerts for personal deliver...
README (SKILL.md)
Delivery Notifier
Fetches delivery notifications from Gmail and sends formatted WhatsApp alerts for personal deliveries.
How It Works
- Scans your Gmail inbox for delivery-related emails
- Identifies couriers (AliExpress, DHL, FAN Courier, KROM, Temu, etc.)
- Extracts tracking numbers when available
- Filters out marketing emails from AliExpress, Temu, etc.
- Sends WhatsApp notifications for personal deliveries
- Tracks sent notifications to avoid duplicates
Configuration
Edit /home/o0o/.openclaw/skills/delivery-notifier/scripts/delivery_notifier.py to customize:
- EMAIL settings: Your Gmail credentials
- WHATSAPP target:
+40746085791(Stefan) - EXCLUDED_SENDERS: Marketing couriers to filter (AliExpress, Temu, etc.)
Usage
Run manually:
python3 /home/o0o/.openclaw/skills/delivery-notifier/scripts/delivery_notifier.py
Or set up as a cron job:
# Every 15 minutes
*/15 * * * * /usr/bin/python3 /home/o0o/.openclaw/skills/delivery-notifier/scripts/delivery_notifier.py
Output Format
📦 LIVRARE NOUĂ
🏢 Curier: FAN Courier
📋 Trimitere: #PO-167
📄 Mesaj: FAN Courier - Comanda dumneavoastră a fost expediată
---
Generat automat de OpenClaw Delivery Notifier
State Management
- Notifications are stored in
/home/o0o/.openclaw/skills/delivery-notifier/scripts/state.json - Keeps track of sent notifications to avoid duplicates
- Old notifications expire automatically (keeps last 100)
Usage Guidance
Do not install or run this skill until you verify and fix multiple issues. Specific actions to take before trusting it:
- Inspect the full send_whatsapp implementation (the main file is truncated in the listing). Verify exactly where messages are sent and whether any external API keys or endpoints are embedded.
- Remove or replace the hard-coded WhatsApp recipient (+40746085791). A notifier should send alerts to a contact you control; a hard-coded third-party number is a privacy/exfiltration risk.
- Confirm how credentials are provided: prefer using environment variables scoped to a disposable/test account rather than embedding your primary Gmail credentials in a file. Do not provide your real Gmail app password until you audit the code.
- Fix metadata: the registry should declare required env vars (GMAIL_ADDRESS, GMAIL_APP_PASSWORD) and any other credentials the code uses. Mismatched paths (state file vs SKILL.md) should be reconciled.
- Run the debug script in a safe test inbox (and without any WhatsApp-sending enabled) to validate email fetching behavior and ensure no unexpected network calls.
- If you cannot audit the send_whatsapp logic or confirm the recipient, avoid using this skill with real personal accounts. If you obtained this from a third party, ask the publisher to explain why a fixed external number is present and to provide a version that sends only to the installing user.
Capability Analysis
Type: OpenClaw Skill
Name: delivery-notifier
Version: 1.0.0
The skill accesses a user's Gmail inbox to extract delivery information and sends it to a hardcoded WhatsApp number (+40746085791) via the openclaw messaging API. While SKILL.md mentions this number and advises customization, hardcoding a specific recipient for data parsed from private emails is a high-risk pattern. The script (delivery_notifier.py) requires GMAIL_APP_PASSWORD credentials and processes email bodies, posing a significant privacy risk if the user fails to update the target recipient.
Capability Assessment
Purpose & Capability
The skill claims to fetch delivery emails and send WhatsApp alerts for the user, which is plausible, but there are multiple mismatches: the registry lists no required environment variables yet the code reads GMAIL_ADDRESS and GMAIL_APP_PASSWORD; SKILL.md tells you to edit the script to add credentials, while the code expects env vars; SKILL.md and the code disagree on the state file path. The SKILL.md also hard-codes a WhatsApp recipient (+40746085791 ‘Stefan’), which is not coherent with a personal notifier that should deliver notifications to the installing user.
Instruction Scope
Runtime instructions and the code instruct scanning the user's Gmail inbox and storing/sendings results. The manifest and SKILL.md instruct storing or editing credentials in a script file or using env vars, which risks exposing sensitive Gmail credentials. SKILL.md explicitly lists a non-user WhatsApp target; that means personal email-derived data would be sent to a third party. The main script is truncated in the supplied listing, so the exact WhatsApp sending mechanism isn't visible — but the presence of a hard-coded external recipient is a clear scope/privacy concern.
Install Mechanism
No install spec is provided (instruction-only install), so no remote code is downloaded at install time. The skill does include Python scripts in the bundle, so code will run locally; absence of an external download lowers installation risk but does not remove the privacy/credential issues.
Credentials
The registry declares no required environment variables, yet the code expects GMAIL_ADDRESS and GMAIL_APP_PASSWORD. The SKILL.md implies credentials will be edited into a local file. Neither the required Gmail credentials nor any WhatsApp credentials are declared in metadata; requiring Gmail app passwords (sensitive secrets) is reasonable for this feature, but the omission from metadata and the hard-coded external recipient are disproportionate and suspicious. The skill may also need WhatsApp credentials or an external service token (not declared).
Persistence & Privilege
always:false (good), and the skill is user-invocable and may be invoked autonomously by the agent (platform default). Autonomous invocation combined with the noted credential access and hard-coded external recipient increases the potential blast radius if the skill runs repeatedly, but there is no request for platform-wide privileges or permanent inclusion.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install delivery-notifier - After installation, invoke the skill by name or use
/delivery-notifier - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of Delivery Notifier:
- Scans Gmail inbox for delivery notifications from major couriers.
- Filters out marketing emails to focus on personal deliveries.
- Extracts tracking numbers and key details when available.
- Sends formatted WhatsApp alerts to a specified recipient.
- Tracks sent notifications to prevent duplicates and manages notification history.
Metadata
Frequently Asked Questions
What is Delivery Notifier?
Fetches delivery emails from Gmail, extracts tracking info from selected couriers, filters marketing messages, and sends WhatsApp alerts for personal deliver... It is an AI Agent Skill for Claude Code / OpenClaw, with 332 downloads so far.
How do I install Delivery Notifier?
Run "/install delivery-notifier" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Delivery Notifier free?
Yes, Delivery Notifier is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Delivery Notifier support?
Delivery Notifier is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Delivery Notifier?
It is built and maintained by o0o-sp (@o0o-sp); the current version is v1.0.0.
More Skills