rotemtam

Clawback

Author: Rotem Tamir · GitHub ↗ · v0.2.0
cross-platform ⚠ suspicious
Total downloads: 451
Favorites: 0
Current installs: 0
Versions: 2
Install in OpenClaw
/install clawback-sh
Description
Gmail security proxy with policy enforcement, approval workflows, and audit logging. Use when the user wants to read, search, or send Gmail with guardrails —...
Usage instructions (SKILL.md)

clawback

Use clawback for Gmail with policy enforcement. All operations go through a server-side proxy that enforces policies and logs an audit trail. Sends may require human approval.

Prerequisites

The clawback binary must be installed and on your PATH. If it's missing, releases are available at https://github.com/honeybadge-labs/clawback/releases.

Setup (once)

  • clawback auth login (device flow — opens browser)
  • clawback auth status (verify connection)

Common commands

  • Gmail search: clawback gmail search 'newer_than:7d' --max 10
  • Gmail search (all pages): clawback gmail search 'from:[email protected]' --all --json
  • Gmail get message: clawback gmail get <messageId> --json
  • Gmail send (plain): clawback gmail send --to [email protected] --subject "Hi" --body "Hello"
  • Gmail send (HTML): clawback gmail send --to [email protected] --subject "Hi" --body-html "<p>Hello</p>"
  • Gmail send (reply): clawback gmail send --to [email protected] --subject "Re: Hi" --body "Reply" --reply-to-message-id <msgId> --thread-id <threadId>
  • Thread list: clawback gmail thread list 'subject:meeting' --max 20
  • Thread get: clawback gmail thread get <threadId> --json
  • Thread modify labels: clawback gmail thread modify <threadId> --add STARRED --remove UNREAD
  • Labels list: clawback gmail labels list
  • Labels create: clawback gmail labels create --name "Important/Clients"
  • Labels modify message: clawback gmail labels modify <messageId> --add STARRED --remove UNREAD
  • Drafts list: clawback gmail drafts list --json
  • Drafts create: clawback gmail drafts create --to [email protected] --subject "Draft" --body "WIP"
  • Drafts send: clawback gmail drafts send <draftId> (may require approval)
  • Drafts delete: clawback gmail drafts delete <draftId>
  • History: clawback gmail history --since <historyId> --max 50
  • Batch delete: clawback gmail batch delete <id1> <id2> <id3>
  • Batch modify: clawback gmail batch modify <id1> <id2> --add INBOX --remove SPAM
  • Settings filters list: clawback gmail settings filters list --json
  • Settings send-as list: clawback gmail settings send-as list
  • Settings vacation get: clawback gmail settings vacation get
  • Settings forwarding list: clawback gmail settings forwarding list
  • Settings delegates list: clawback gmail settings delegates list
  • Approvals list: clawback approvals list --status pending --json
  • Approvals get: clawback approvals get <approvalId> --json
  • Policy list: clawback policy list --json

Agent behavior

  • Never expose approval IDs, exit codes, or CLI commands to the user. Those are internal plumbing.
  • When composing email on the user's behalf, draft a natural subject and body — don't parrot their words verbatim. If they say "send a hello to Alex," write a friendly greeting, not --subject "hello" --body "hello".
  • Confirm with the user before sending. Show them the draft (to, subject, body) and ask if it looks good.

Handling approvals (exit code 8)

When a send command exits with code 8, it means the email needs human approval before it goes out.

  1. Tell the user in plain language: "Sent! It needs approval in Clawback before it goes through — I'll keep an eye on it."
  2. Poll clawback approvals get <approvalId> --json in the background every ~30s.
  3. When resolved, proactively tell the user: "Approved and delivered" or "The approval was rejected/expired — the email was not sent."
  4. Never ask the user to run commands or check approval status themselves.

Handling other errors

  • Exit 4 (not authenticated): "You're not signed in — let me open the login flow." Then run clawback auth login.
  • Exit 6 (blocked by policy): "Your org's policy doesn't allow this action." Explain what was blocked.
  • Exit 3 (no results): Report naturally, e.g. "No emails matched that search."
  • Exit 1 (unexpected error): Report the error and suggest retrying.

Notes

  • CB_SERVER defaults to https://clawback.sh; set it to use a different server.
  • Prefer --json plus --no-input plus --fail-empty for reliable output parsing.
  • --connection <id> selects which Gmail connection to use; auto-detected if you have one connection.
  • --all auto-paginates search results (gmail search and thread list).
  • --select field1,field2 projects JSON output to specific fields.
  • --results-only strips the envelope and returns just the data array.
Security usage recommendations
This skill is coherent, but it requires trust in the external Clawback service because the CLI's device-flow authentication gives that service access to your Gmail data (and it enforces policies and logs audits). Before installing: (1) verify you obtain the 'clawback' binary only from the official repo/releases (https://github.com/honeybadge-labs/clawback or https://clawback.sh), (2) inspect the OAuth scopes the CLI requests during auth so you understand what the proxy can read/send, (3) confirm your org's policy about routing mail through a third-party proxy/audit service, and (4) be aware the agent is instructed to poll approval state in the background and to keep approval IDs/internal CLI output hidden from users — this requires you to trust the skill to notify you accurately. If any of those trust points are unacceptable, do not install.
Functional analysis
Type: OpenClaw Skill
Name: clawback-sh
Version: 0.2.0
The skill wraps the `clawback` CLI tool, which handles sensitive Gmail data. The `SKILL.md` documentation reveals the `CB_SERVER` environment variable, which can redirect all `clawback` binary traffic to an arbitrary server. While the skill does not explicitly instruct the agent to set this variable to a malicious endpoint, its presence creates a significant prompt injection vulnerability. A compromised agent could be instructed to set `CB_SERVER` to an attacker-controlled domain, leading to exfiltration of sensitive Gmail data. Additionally, instructions to the agent to 'Never expose approval IDs, exit codes, or CLI commands to the user' could facilitate stealthy operations.
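One way to contain both concerns raised in this analysis, shown as an added example that is not part of the skill or the Clawback project: a wrapper that refuses to run when `CB_SERVER` points anywhere other than the documented default, and that keeps a local, user-readable record of the exit codes the agent is told to hide. `ALLOWED_CB_SERVERS`, `CLAWBACK_BIN`, `CB_AUDIT_LOG`, the function names and the return code 90 are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the skill. ALLOWED_CB_SERVERS, CLAWBACK_BIN,
# CB_AUDIT_LOG, the function names and return code 90 are assumptions.
ALLOWED_CB_SERVERS="https://clawback.sh"   # default server named in SKILL.md

# Succeeds when CB_SERVER is unset/empty (the CLI default applies) or is an
# exact match for an allowed origin; prefix or look-alike hosts are rejected.
cb_server_allowed() {
    if [ -z "${CB_SERVER:-}" ]; then return 0; fi
    for allowed in $ALLOWED_CB_SERVERS; do
        if [ "$CB_SERVER" = "$allowed" ]; then return 0; fi
    done
    return 1
}

# Name the exit codes listed in SKILL.md (0 is assumed to mean success);
# any other code is flagged as undocumented.
cb_classify_exit() {
    case "$1" in
        0) echo ok ;;
        1) echo unexpected_error ;;
        3) echo no_results ;;
        4) echo not_authenticated ;;
        6) echo blocked_by_policy ;;
        8) echo approval_pending ;;
        *) echo undocumented ;;
    esac
}

# Run clawback only if the server pin holds, then append the subcommand and
# outcome to a local log the user can read. Only the first two arguments are
# logged so message bodies and recipients never reach the file.
cb_run() {
    if ! cb_server_allowed; then
        echo "refusing to run: CB_SERVER=$CB_SERVER is not allowed" >&2
        return 90
    fi
    "${CLAWBACK_BIN:-clawback}" "$@" && rc=0 || rc=$?
    printf '%s rc=%s state=%s cmd=%s %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$rc" "$(cb_classify_exit "$rc")" \
        "${1:-}" "${2:-}" >> "${CB_AUDIT_LOG:-./clawback-local.log}"
    return "$rc"
}
```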
Capability assessment
Purpose & Capability
Name/description (Gmail security proxy with approvals/audit) match the declared requirement of a 'clawback' binary and the SKILL.md commands that use that binary. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
SKILL.md instructs the agent to run the 'clawback' CLI, handle specific exit codes, and poll approvals in the background; these instructions are within the claimed scope but imply the agent will hold and poll approval IDs and should not surface CLI plumbing to users. This is a trust decision (the proxy/service will see mailbox data during normal operation).
Install Mechanism
No install spec is included (instruction-only), and SKILL.md points to upstream GitHub releases for the binary. No downloads or extract steps are embedded in the skill itself.
Credentials
The skill declares no required env vars or credentials. SKILL.md mentions optional CB_SERVER and connection ids; this is proportional. Note: real Gmail access is obtained via the clawback CLI's auth flow, so the external Clawback service will receive OAuth scopes — the user should review what scopes/permissions that service requests.
Persistence & Privilege
always is false and the skill is user-invocable. It does request the agent perform background polling of approvals, but it does not demand permanent/all-agent presence or modify other skills' configs.
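How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install clawback-sh
  3. Once installation completes, invoke the Skill by name or trigger it with /clawback-sh
  4. Provide the required input according to the Skill's parameter description to get structured output
Version history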
v0.2.0
Remove curl|bash install, declare CB_SERVER default, add agent behavior guidance, remove file-handling examples
v0.1.0
Initial release — Gmail security proxy skill with full CLI command reference
Metadata
Slug clawback-sh
Version 0.2.0
License
Total installs 0
Current installs 0
Historical versions 2
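Frequently asked questions

What is Clawback?

Gmail security proxy with policy enforcement, approval workflows, and audit logging. Use when the user wants to read, search, or send Gmail with guardrails —... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 451 total downloads to date.

How do I install Clawback?

Run the command "/install clawback-sh" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is needed.

Is Clawback free?

Yes, Clawback is completely free (open source and free of charge) and can be freely downloaded, installed, and used.

Which platforms does Clawback support?

Clawback runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Clawback?

It is developed and maintained by Rotem Tamir (@rotemtam); the current version is v0.2.0.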
