← Back to Skills Marketplace
1897
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install sogcli
Description
Standards Ops Gadget — CLI for IMAP/SMTP/CalDAV/CardDAV/WebDAV. Open-standards alternative to gog (Google) and mog (Microsoft).
Usage Guidance
This skill appears to be what it claims: a Go-based CLI for mail, calendars, contacts, tasks, and WebDAV. Before installing, consider these practical safety steps:
- Prefer installing a specific, signed/tagged release instead of @latest (e.g., go install github.com/visionik/sogcli/cmd/[email protected]) to reduce supply-chain risk.
- Inspect the repository (README, recent commits, open issues, maintainer activity) if you don't already trust the source.
- Use the default keychain storage rather than the 'file' storage option so passwords are kept in the system keyring, not in plaintext files.
- Be aware the binary will create/modify ~/.config/sog/config.json and will make network connections to whatever servers you configure (this is required functionality). Remove credentials/config if you uninstall.
- The SKILL.md contained a unicode-control-chars scanner hit — this may be harmless (emoji/formatting), but if you plan to allow autonomous agent invocation, inspect the raw SKILL.md for hidden characters.
If you want extra caution: build the binary from a checked-out tagged commit locally (go build) and audit the code paths that handle password storage and network endpoints before using it with sensitive accounts.
Capability Analysis
Type: OpenClaw Skill
Name: sogcli
Version: 0.3.0
The skill bundle is classified as suspicious due to the `sog idle --exec` command in `internal/cli/idle.go`. This command allows the execution of arbitrary shell commands upon receiving new mail, which is a powerful and potentially risky capability. While explicitly documented in `SKILL.md` and `README.md` as an intended feature for automation, it could be abused by a malicious prompt to the AI agent to execute harmful payloads. There is no clear evidence of intentional malicious behavior within the provided code or documentation, but the capability itself presents a significant risk.
Capability Assessment
Purpose & Capability
Name/description (Standards Ops Gadget) match the included code and SKILL.md: a Go CLI implementing IMAP/SMTP/CalDAV/CardDAV/WebDAV clients. Required binary is 'sog' and the install uses a go package from github.com/visionik/sogcli — all appropriate for a Go CLI. No unrelated services or credentials are requested.
Instruction Scope
SKILL.md tells the agent to invoke the sog CLI and documents commands; the runtime behaviors described (reading ~/.config/sog/config.json, using system keychain, contacting IMAP/SMTP/CalDAV/CardDAV/WebDAV endpoints) are consistent with an email/calendar/contacts/files client. There are no instructions to read unrelated system files or to send data to unexpected endpoints in the docs. Note: the CLI will access the user's account configuration and passwords (via keychain or optional file storage) and will make network connections to whatever servers the user configures — which is expected for this tool.
Install Mechanism
Install uses 'go install github.com/visionik/sogcli/cmd/sog@latest' which is standard for Go CLIs; this downloads and builds source from the GitHub repo. This is expected and proportionate, but using @latest means you pull the tip (supply-chain risk if repository is compromised). No exotic download URLs or archive extraction are present.
Credentials
The skill declares no required environment variables (SKILL.md documents optional SOG_ACCOUNT). It does require access to user passwords/config (stored in system keychain by default, or optionally a file if the user chooses 'file' storage). That access is appropriate for an email/CalDAV/CardDAV/WebDAV client. There are no unrelated credential requests.
Persistence & Privilege
The skill is not always-included and follows normal model-invocation defaults. It stores its own config under ~/.config/sog/config.json and uses the system keychain (or an optional file). It does not request elevated system privileges or attempt to modify other skills or global agent settings.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install sogcli - After installation, invoke the skill by name or use
/sogcli - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.3.0
- Major release introducing sog: a CLI tool supporting IMAP/SMTP, CalDAV, CardDAV, and WebDAV as an open-standards alternative to Google and Microsoft CLIs.
- Adds unified commands for managing email, calendars, contacts, tasks, and files through standard protocols.
- Includes secure credential management for multiple protocols with native OS integration.
- Provides powerful search, scripting, and automation options with support for JSON and TSV outputs.
- Introduces advanced features such as iTIP/iMIP meeting invites, IMAP push notifications (IDLE), and credential separation per protocol.
- Full support confirmed for Fastmail; compatible with other standards-compliant providers.
Metadata
Frequently Asked Questions
What is Sog?
Standards Ops Gadget — CLI for IMAP/SMTP/CalDAV/CardDAV/WebDAV. Open-standards alternative to gog (Google) and mog (Microsoft). It is an AI Agent Skill for Claude Code / OpenClaw, with 1897 downloads so far.
How do I install Sog?
Run "/install sogcli" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Sog free?
Yes, Sog is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Sog support?
Sog is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Sog?
It is built and maintained by visionik (@visionik); the current version is v0.3.0.
More Skills