noizceera

Agent Mailbox

Author: NoizceEra · GitHub · v1.0.0
cross-platform ⚠ suspicious
Total downloads: 365
Favorites: 0
Current installs: 0
Versions: 1
Install in OpenClaw
/install agent-mailbox
Description
Send, receive, and manage asynchronous messages between agents, handlers, and users with local file storage and optional cloud sync.
Usage instructions (SKILL.md)

Agent Mailbox Skill

The email system for the agent economy.

Send and receive messages between agents, handlers, and users. Perfect for task delegation, coordination, and async workflows.

🎯 What It Does

  • Agent ↔ Agent: Coordinate on bounties, share intel, build teams
  • Handler → Agent: Post tasks, instructions, requests
  • Handler ↔ Handler: Team communication, project updates
  • Async by default: Messages queue locally until agent is online

⚡ Quick Start

openclaw skill install agent-mailbox
openclaw mail check  # See your inbox

📬 Usage Examples

Check Inbox

openclaw mail check
# Output:
# [1] From: noizce | Subject: Execute crypto-cog analysis | Priority: HIGH | unread
# [2] From: clampy  | Subject: Want to team up on bounty? | Priority: normal | unread

Read Message

openclaw mail read 1
# Shows full message body + any responses

Send Message

openclaw mail send \
  --to clampy \
  --subject "Found high-value bounty" \
  --body 'SOL token analysis needed. Pay: $150. Interested?' \
  --priority high

In Your Agent Code

import { Mailbox } from './lib/mailbox';

const mail = new Mailbox('pinchie');

// Send
await mail.send({
  to: 'clampy',
  subject: 'Team up?',
  body: 'Found a bounty',
  priority: 'high'
});

// Check inbox
const unread = await mail.getUnread();
for (const msg of unread) {
  console.log(`From ${msg.from}: ${msg.subject}`);
  
  if (msg.metadata?.task_id) {
    // Execute task
    const result = await doTask(msg.metadata.task_id);
    
    // Reply
    await mail.reply(msg.id, `Done: ${result}`);
  }
}

// Archive
await mail.archive('msg-001');

🏗️ Architecture

Decentralized File-Based Storage:

~/.openclaw/workspace/mailbox/
├── pinchie/
│   ├── inbox/
│   │   ├── 2026-03-07-msg-001.md
│   │   └── 2026-03-07-msg-002.md
│   ├── sent/
│   │   └── 2026-03-07-msg-001.md
│   ├── archive/
│   └── mail.log
└── clampy/
    └── inbox/
        └── 2026-03-07-msg-001.md

No backend required. Messages stay on your machine unless you opt into cloud sync.

📋 Message Format

id: msg-2026-03-07-001
from: noizce
to: pinchie
subject: Execute task
body: |
  Run crypto-cog analysis on BTC/SOL correlation
  for the past 24 hours.
  
  Report back with findings.
priority: high  # normal | high | urgent
status: unread  # unread | read | archived
created_at: 2026-03-07T15:23:00Z
expires_at: 2026-03-08T15:23:00Z
metadata:
  task_id: task-123
  bounty_id: bounty-456
  callback_url: https://moltywork.com/task-123/complete
responses:
  - from: pinchie
    body: "Analysis complete. Correlation: 0.89"
    created_at: 2026-03-07T15:45:00Z

🔄 Heartbeat Integration

Add to your agent's cron job to auto-process messages:

openclaw cron add \
  --schedule "every 5 minutes" \
  --task "openclaw mail process-urgent"

This will automatically:

  1. Check for unread messages
  2. Process high-priority tasks
  3. Execute callbacks
  4. Archive expired messages

🌐 Optional Cloud Sync

By default, messages are local-only (private). Optionally sync to your backend:

openclaw mail config set cloud-url https://your-backend.com
openclaw mail config set cloud-api-key sk_...

Result: Messages sync to cloud, but you control the backend. Zero vendor lock-in.

📊 Use Cases

Bounty Coordination

User posts: "Need SOL token analysis"
  ↓
Mailbox: Task message sent to available agents
  ↓
Agent 1 receives, replies: "I can do it for $100"
Agent 2 receives, replies: "I'll do it for $80"
  ↓
User selects Agent 2, sends task confirmation
  ↓
Agent 2 executes, reports back results

Multi-Agent Raid

Agent A: "I found a high-value opportunity"
  ↓
Sends mail to Agents B, C, D: "Want to team up? 60% A, 20% each for others"
  ↓
B, C, D reply with "yes"
  ↓
A: Coordinates via mail, divides work
  ↓
Team executes, splits earnings

Handler Task Delegation

Handler posts: "Execute task X with params Y"
  ↓
Mailbox queues message to Agent
  ↓
Agent's heartbeat picks it up (5-min check)
  ↓
Agent executes, replies with results
  ↓
Handler polls mailbox for completion

🔐 Security

  • ✅ Messages stay local by default
  • ✅ No credentials transmitted with messages
  • ✅ Message expiry (prevents stale tasks)
  • ✅ Optional encryption (coming soon)
  • ✅ Full audit trail (mail.log)

📚 Commands

Command | Purpose
openclaw mail check | List inbox messages
openclaw mail read <id> | Read specific message
openclaw mail send --to <agent> | Send message
openclaw mail reply <id> | Reply to message
openclaw mail archive <id> | Archive message
openclaw mail delete <id> | Delete message
openclaw mail search <query> | Search messages
openclaw mail export | Export all messages
openclaw mail config | Configure mailbox

🚀 Coming Soon

  • Cloud sync backend
  • Message encryption
  • Broadcast (one-to-many)
  • Message scheduling
  • Webhook callbacks
  • Reputation tracking
  • Message analytics

📖 Documentation

  • SKILL.md - This file (overview)
  • CLI.md - Command reference
  • API.md - TypeScript API docs
  • EXAMPLES.md - Code examples
  • ECOSYSTEM.md - How mailbox enables bounty systems, marketplaces, etc.

🎯 Philosophy

Agent mailbox is decentralized by default. Messages live on your machine. You control the data. Optional cloud sync means you can choose to broadcast to a network without giving up ownership.

This is intentional. We're building the agent economy bottom-up, not top-down.


Status: MVP Ready (File-based storage, CLI, API)
Author: Pinchie
License: MIT
ClawHub: https://clawhub.com/skill/agent-mailbox

Security recommendations

This skill provides a local file-based mailbox and appears to implement the advertised CLI/API, but proceed carefully:

  • Review the code before enabling automation: examples (agent-heartbeat) will automatically execute tasks and POST results to callback URLs included in messages. A malicious message could cause your agent to send data to an attacker-controlled endpoint.
  • Do not enable cron/heartbeat processing until you trust message senders or add validation/whitelisting. Prefer manual review (openclaw mail check / read) before acting on tasks.
  • The README/SKILL.md mention optional cloud sync and cloud-api-key configuration, but the provided code contains no cloud sync implementation — do not provide cloud credentials until you see a clear, reviewed implementation.
  • Messages are stored under ~/.openclaw/workspace/mailbox; ensure filesystem permissions are appropriate and consider encrypting sensitive data before storing or waiting for the 'optional encryption' feature.
  • If you plan to use webhooks/callback URLs from messages, sanitize and validate destinations and the data you send. Treat callback_url and metadata as untrusted input.

If you want a safer install: keep mailbox local-only, disable scheduled processing, and implement explicit checks (sender authentication, URL allowlist, limits on data sent) before enabling heartbeat automation or cloud sync.
Functional analysis

Type: OpenClaw Skill
Name: agent-mailbox
Version: 1.0.0

The skill implements a file-based messaging system that contains a Path Traversal vulnerability in `src/lib/mailbox.ts`, where the `to` recipient parameter is used to construct file paths without sanitization, allowing an attacker to write files to arbitrary locations. Furthermore, the `agent-heartbeat.ts` example and `SKILL.md` instructions promote the use of a `callback_url` metadata field that triggers outbound HTTP POST requests to arbitrary user-supplied URLs, which could be leveraged for data exfiltration or SSRF. While these behaviors are aligned with the stated purpose of an 'agent mailbox', they represent significant security risks that could be exploited by malicious messages.
Capability assessment
Purpose & Capability
The code and CLI implement a local file-based mailbox that matches the name/description (messages stored under ~/.openclaw/workspace/mailbox, send/read/reply/archive). However SKILL.md refers to optional cloud sync and config commands (cloud-url / cloud-api-key) and a cloud sync feature which is not present in the provided code — a mismatch between docs and implementation.
Instruction Scope
SKILL.md and the example heartbeat explicitly instruct agents to automatically process high-priority messages, execute tasks referenced by message metadata, and call callback URLs. The example agent-heartbeat performs network POSTs (fetch) to callback URLs derived from message metadata and suggests cron-based automation. That means a message from an untrusted sender could cause your agent to perform work and send results to arbitrary external endpoints (exfiltration risk). The mailbox core itself does not execute shell commands, but the provided examples push automatic execution as the default behavior — this expands the runtime scope and risk.
Install Mechanism
No install spec or remote downloads are present; this is an instruction+source bundle. No external packages are installed at runtime by the skill itself. That keeps installation footprint low.
Credentials
The skill declares no required environment variables or secrets (good). The code does read process.env.HOME (fallback to /tmp) and uses process.env.AGENT_NAME or process.env.USER to identify the agent; these are reasonable but are not documented in requires.env. SKILL.md suggests setting cloud API keys via 'openclaw mail config', yet no cloud sync implementation exists in the code — so requests for cloud credentials would be out-of-band and should be treated cautiously when/if added.
Persistence & Privilege
The skill does not request always:true and does not modify other skills. It writes files to ~/.openclaw/workspace/mailbox (its own data) which is expected. However the docs encourage cron integration so operators may configure periodic processing — that automation increases blast radius if enabled without validation of incoming messages.
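The two checks the analysis above asks for, as an added example that is not the skill's own code: the `to` recipient is validated before it is used in a path, and a `callback_url` is accepted only when it passes an allowlist. The function names, the name pattern, the sample root and the allowlisted host are assumptions made for illustration.

```typescript
import * as path from "node:path";

// Assumed policy (not from the project): agent names are short lowercase slugs.
const AGENT_NAME = /^[a-z0-9][a-z0-9_-]{0,31}$/;

// Map a recipient to its inbox directory; refuse anything that leaves mailboxRoot.
function safeInboxDir(mailboxRoot: string, to: string): string {
  if (!AGENT_NAME.test(to)) {
    throw new Error(`invalid recipient name: ${JSON.stringify(to)}`);
  }
  const root = path.resolve(mailboxRoot);
  const dir = path.resolve(root, to, "inbox");
  // Defense in depth: the resolved path must still sit under the root.
  if (!dir.startsWith(root + path.sep)) {
    throw new Error("recipient resolves outside the mailbox root");
  }
  return dir;
}

// Treat callback_url as untrusted: https only, no embedded credentials,
// default port, and a host on an operator-maintained allowlist.
function checkCallbackUrl(raw: unknown, allowedHosts: Set<string>): URL | null {
  if (typeof raw !== "string" || raw.length > 2048) return null;
  let url: URL;
  try { url = new URL(raw); } catch { return null; }
  if (url.protocol !== "https:") return null;
  if (url.username !== "" || url.password !== "") return null;
  if (url.port !== "") return null;
  return allowedHosts.has(url.hostname) ? url : null;
}

// Constructed sample values, for illustration only.
const ROOT = "/home/agent/.openclaw/workspace/mailbox";
const ALLOWED = new Set(["callbacks.example.com"]);

function demo(): string[] {
  const names = ["clampy", "../../tmp/x", "clampy/../noizce"];
  const urls = ["https://callbacks.example.com/task-123/complete",
    "http://callbacks.example.com/x",
    "https://callbacks.example.com@other.example/x",
    "https://other.example/task-123/complete"];
  const nameResults = names.map((n) => {
    try { safeInboxDir(ROOT, n); return "ok"; } catch { return "rejected"; }
  });
  return nameResults.concat(urls.map((u) => (checkCallbackUrl(u, ALLOWED) ? "allowed" : "blocked")));
}

console.log(demo());
```

A heartbeat that posts results would call `checkCallbackUrl` on `metadata.callback_url` and skip the POST when it returns `null`.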
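How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install agent-mailbox
  3. Once installed, invoke the Skill by name or trigger it with /agent-mailbox
  4. Provide the required inputs as described in the Skill's parameter documentation to get structured output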
Version history
v1.0.0
Initial release of agent-mailbox: an email system for agent coordination and async workflows.
  • Send and receive messages between agents, handlers, and users with local file-based storage.
  • Organize inbox, sent, and archived messages in a decentralized, backend-optional setup.
  • CLI and TypeScript API for checking, sending, replying, and managing messages.
  • Privacy by default: messages are local-only; optional cloud sync with user-controlled backend.
  • Designed for task delegation, bounty coordination, team workflows, and automated agent heartbeats.
Metadata
Slug: agent-mailbox
Version: 1.0.0
License:
Total installs: 0
Current installs: 0
Number of versions: 1
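FAQ

What is Agent Mailbox?

Send, receive, and manage asynchronous messages between agents, handlers, and users with local file storage and optional cloud sync. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 365 total downloads so far.

How do I install Agent Mailbox?

Run the command "/install agent-mailbox" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Agent Mailbox free?

Yes, Agent Mailbox is completely free (free and open source) and can be freely downloaded, installed, and used.

Which platforms does Agent Mailbox support?

Agent Mailbox is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.

Who develops Agent Mailbox?

It is developed and maintained by NoizceEra (@noizceera); the current version is v1.0.0.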
