功能描述

Send Gmail messages from an operator-controlled Chrome debug session using Gmail CDP automation. Use when the user asks to send email from the local machine,...

使用说明 (SKILL.md)

Gmail CDP Delivery

Name: CDP Gmail Delivery
Author: joustonhuang

Use this workflow when a user asks to send email by Gmail from the local machine, with or without an attachment.

Current limitation: this skill supports plain-text Gmail body content plus attachments. It does not reliably support sending raw HTML as inline Gmail body content.

Required Inputs

Recipient email
Optional file path or paths
Optional body text

Environment Assumptions

Chrome with remote debugging support is already installed and expected to be available
Chrome debug launcher exists in your repo/workspace when restart help is needed:
- scripts/restart_debug_chrome.sh
Chrome DevTools endpoint is http://127.0.0.1:9222
Node and npm are available
This skill's runtime dependency is installed once with the bundled installer into skills/cdp-gmail-delivery/.runtime/pupp-mail

Preflight Checklist

If attaching a file, confirm target file exists and is readable
If attaching files for a personal Gmail account, keep total size at or under 25 MB
Reject obviously blocked Gmail attachment classes before send:
- executable/script-heavy file types like .exe, .dll, .js, .jar, .bat, .cmd, .msi, .iso, and similar blocked extensions
- blocked files inside archives, including compressed forms or nested archives
- password-protected archives
- documents with malicious macros
Confirm recipient email is explicit
Confirm CDP endpoint responds (http://127.0.0.1:9222/json/version)
Confirm user login state in visible debug Chrome session

If a requested attachment appears blocked or too large for Gmail, stop and ask the human operator for another delivery path. Do not keep retrying the same blocked upload.

If the user wants an HTML newsletter or raw HTML email body, treat inline HTML body delivery as unsupported for this skill under the current Gmail compose + CDP model. Use plain-text summary/body plus an .html attachment instead, or use a future Gmail API / MIME-based workflow.

For detectable cases, scripts/send_via_cdp.js should fail before opening Gmail and print a limitation result instead of pretending the upload might work.

Workflow

Assume Chrome CDP is already available and try the send flow first.
If the CDP endpoint is unavailable, run scripts/restart_debug_chrome.sh from repo/workspace root.
If CDP is still unavailable after restart, ask the human operator to help restore the visible debug Chrome session.
If Gmail is not already authenticated in that visible Chrome window, ask the operator to sign in manually.
Send mail over CDP with scripts/send_via_cdp.js.
Verify send in Sent folder by a unique subject.

Non-negotiable Validation

Before clicking Send, validate all of the following in the live compose draft:

To field contains intended recipient
Subject is non-empty and unique
If attaching files, the compose draft shows all requested filenames before send

If any check fails, stop and repair draft fields before send.

Gmail Attachment Constraints

Personal Gmail sending limit: 25 MB total attachment size
Google Workspace accounts may use admin-defined limits instead
Gmail blocks many risky attachment types, including executable and script-like formats such as:
- .ade, .adp, .apk, .appx, .appxbundle, .bat, .cab, .chm, .cmd, .com, .cpl, .diagcab, .diagcfg, .diagpkg, .dll, .dmg, .ex, .ex_, .exe, .hta, .img, .ins, .iso, .isp, .jar, .jnlp, .js, .jse, .lib, .lnk, .mde, .mjs, .msc, .msi, .msix, .msixbundle, .msp, .mst, .nsh, .pif, .ps1, .scr, .sct, .shb, .sys, .vb, .vbe, .vbs, .vhd, .vxd, .wsc, .wsf, .wsh, .xll
Gmail can also block:
- compressed forms of blocked files
- blocked files found inside archives like .zip or .tgz
- password-protected archives
- documents with malicious macros

Use these constraints as preflight filters. If the file is likely to be blocked, do not claim it can be mailed successfully.

HTML Email Limitation

Do not promise raw HTML body delivery through Gmail compose DOM automation
Gmail compose currently behaves like a plain-text/body-editor automation target for this skill, not a reliable raw HTML injection target
Treat HTML email as a limitation of this skill, not a temporary success path
Current supported workaround:
- put a plain-text summary or intro in the email body
- attach the full .html file
Future upgrade path for true inline HTML email:
- Gmail API
- raw MIME message assembly

Install (one-time)

From the workspace root, run:

bash skills/cdp-gmail-delivery/scripts/install_runtime.sh

What it does:

Creates skills/cdp-gmail-delivery/.runtime/pupp-mail
Initializes a minimal npm runtime there
Installs pinned puppeteer-core@24

This keeps the runtime local to the skill instead of using an ad hoc /tmp path.

Send Command

node skills/cdp-gmail-delivery/scripts/send_via_cdp.js \
  --to "[email protected]" \
  --body "Optional message"

With attachment:

node skills/cdp-gmail-delivery/scripts/send_via_cdp.js \
  --to "[email protected]" \
  --file "/absolute/path/to/file.txt" \
  --body "Optional message"

With multiple attachments:

node skills/cdp-gmail-delivery/scripts/send_via_cdp.js \
  --to "[email protected]" \
  --file "/absolute/path/to/file-a.txt" \
  --file "/absolute/path/to/file-b.txt" \
  --body "Optional message"

Success Output

The script prints:

EMAIL_SENT_OK
SUBJECT=\x3Cunique-subject>
TO=\x3Crecipient>
FILE_NAME=\x3Cbasename-only> for each attached file

Report success only after these outputs and Sent verification succeed. Do not expose absolute local filesystem paths in success messages.

When local preflight detects a Gmail attachment limitation, the script should print:

LIMITATION_GMAIL_ATTACHMENT
REASON=\x3Climitation-type>
DETAILS=\x3Cdetected-context> when available
ACTION=... telling the human operator this is a limitation of Gmail attachment sending for this skill

When to read extra references

If send flow fails or behaves unexpectedly: read references/troubleshooting.md
If you need incident evidence/context: read references/receipts.md

References

Runtime model:
- This workflow uses direct Chrome CDP automation (Puppeteer), not agent-browser.
Browser runtime/bootstrap foundation:
- https://github.com/joustonhuang/chrome_for_openclaw
- Script references: chrome_for_openclaw.sh, scripts/restart_debug_chrome.sh
Historical script context:
- scripts/xrdp_chrome_debug_setup.sh
Git repo context: https://github.com/joustonhuang/unifai
Incident receipts:
- references/receipts.md
Troubleshooting:
- references/troubleshooting.md

安全使用建议

This skill automates whichever Gmail account is currently logged into the local Chrome debug session and will send messages using that account, so: 1) review and, if necessary, run the included install_runtime.sh in a controlled environment (it will download puppeteer-core from npm); 2) inspect any external restart_debug_chrome.sh in your workspace before running it (the skill expects such a script but does not include it); 3) confirm the visible Chrome session is the intended Gmail account before sending; 4) only pass files you trust and heed the preflight blocked-file checks; and 5) if you need stronger assurance, run the installer and send operations on an isolated machine or VM and verify the scripts' contents first.

功能分析

Type: OpenClaw Skill Name: cdp-gmail-delivery Version: 1.0.8 The skill is a legitimate utility for sending Gmail messages via Chrome DevTools Protocol (CDP) automation. It includes robust security features in scripts/send_via_cdp.js, such as a pre-flight checklist that explicitly blocks the transmission of executable files, script-heavy extensions, and macro-enabled documents, even inspecting the contents of ZIP archives for restricted file types. The workflow is transparent, requires a local Chrome debug session, and includes detailed troubleshooting and verification steps without any evidence of data exfiltration, obfuscation, or malicious intent.

能力标签

crypto

能力评估

✓ Purpose & Capability

Name/description match the code and docs: the skill connects to a local Chrome DevTools endpoint and uses puppeteer-core to open Gmail and send messages. Required binaries (node, npm) and the npm dependency are appropriate for this task.

ℹ Instruction Scope

SKILL.md and scripts confine actions to local resources (files, local CDP endpoint, and the user's visible Chrome session). One point to note: the workflow refers to running an external restart script (scripts/restart_debug_chrome.sh) that is not bundled here — that script lives in the workspace and could perform arbitrary actions if present, so operators should review it before running.

ℹ Install Mechanism

There is no registry install spec, but a bundled install_runtime.sh performs npm install puppeteer-core@24 into a local .runtime directory. This is a common, expected mechanism but does pull code from the public npm registry at install time (network activity).

✓ Credentials

The skill requests no credentials or environment secrets. It legitimately needs access to local files (attachments) and the local Chrome CDP endpoint; the preflight checks and blocked-extension lists match the stated purpose.

✓ Persistence & Privilege

always is false and the skill does not request elevated or persistent platform privileges. It does not modify other skills or global agent settings.

版本历史

v1.0.8

Version 1.0.8 - Documented a new explicit limitation: sending raw HTML email body is not reliably supported; only plain-text body plus attachments are supported. - Added guidance to treat HTML body requests as unsupported; suggest attaching .html files or using plain-text summaries instead. - Updated workflow and preflight sections to clarify behavior regarding HTML emails and editor capability. - No functional or code changes—documentation improvements only.

v1.0.7

• support text-only Gmail sends, attachment no longer required • support multiple attachments via repeated --file • improve text-only subject uniqueness to avoid Sent-verification collisions • assume Chrome CDP is available by default, restart debug Chrome before asking human for help • remove unfinished Google Drive fallback guidance from the skill • document Gmail attachment limits and blocked-file behavior as current skill limitations • add preflight enforcement for detectable Gmail attachment limitations • emit explicit operator-facing limitation output when Gmail attachment sending is not viable

v1.0.6

* Fix review issues: remove absolute path leak from success output, add bundled runtime installer, pin puppeteer-core locally, and clarify operator-controlled sign-in workflow.

v1.0.5

Initial release of cdp-gmail-delivery. - Enables reliable file sending via Gmail from an operator-controlled Chrome debug session, using Chrome DevTools Protocol automation. - Automatically falls back to Google Drive share links if direct Gmail attachments are blocked. - Includes validation steps for recipient, subject, and attachments before sending. - Provides workflow for user login, Chrome session management, and delivery confirmation. - Installation and usage instructions for the required puppeteer-core scripts are included.

元数据

Slug cdp-gmail-delivery

版本 1.0.8

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 4

常见问题

CDP Gmail Delivery 是什么？

Send Gmail messages from an operator-controlled Chrome debug session using Gmail CDP automation. Use when the user asks to send email from the local machine,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 127 次。

如何安装 CDP Gmail Delivery？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install cdp-gmail-delivery」即可一键安装，无需额外配置。

CDP Gmail Delivery 是免费的吗？

是的，CDP Gmail Delivery 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

CDP Gmail Delivery 支持哪些平台？

CDP Gmail Delivery 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 CDP Gmail Delivery？

由 joustonhuang（@joustonhuang）开发并维护，当前版本 v1.0.8。

CDP Gmail Delivery