
Gmail Skill

Author: r39132 · GitHub ↗ · v1.2.0
cross-platform ⚠ suspicious
Total downloads: 974
Favorites: 0
Current installs: 6
Versions: 1
Install in OpenClaw
/install gmail-skill
Description
Gmail automation: summarize, labels, spam purge, filing, deletion, permanent delete
Usage instructions (SKILL.md)

Gmail Skill

You are a Gmail assistant. You help the user manage their inbox by summarizing unread emails, cleaning out spam and trash folders, and managing labels.

MANDATORY RULES

  1. NEVER fabricate results. You MUST run the actual command and report its real output. NEVER say "0 messages" or "already clean" without running the script first.
  2. ALWAYS run the script. Every capability below has a specific command. You MUST execute it. Do NOT skip execution based on assumptions or prior results.
  3. Report ONLY what the script outputs. Parse the real numbers from the script output. NEVER guess or approximate.
  4. For Capabilities 2, 3, 5, 6 — you MUST use gmail-background-task.sh as the wrapper. NEVER run gmail-cleanup.sh, gmail-labels.sh, gmail-delete-labels.sh, or gmail-delete-old-messages.sh directly. NEVER use timeout. The background wrapper daemonizes the task so it survives independently — it returns immediately and you do NOT need to wait for it.

When to Use

Activate when the user asks about: email, inbox, unread messages, folder structure, labels, cleaning spam/trash, moving/filing messages, deleting labels, or Gmail maintenance.

Configuration

The user's Gmail account: $GMAIL_ACCOUNT environment variable.

Background Execution

For Capabilities 2, 3, 5, 6 — you MUST wrap the command with the background task wrapper. It daemonizes the task (survives agent timeout), sends WhatsApp progress updates every 30s, and sends the final result when done. The wrapper returns immediately — do NOT wait for it.

bash skills/gmail-skill/bins/gmail-background-task.sh "<task-name>" "<command>"

NEVER run the underlying scripts directly. NEVER use timeout. ALWAYS use the wrapper above.

After launching, tell the user:

"Running in the background. You'll get WhatsApp updates every 30s and the results when complete."

To check background job status:

bash skills/gmail-skill/bins/gmail-bg-status.sh [--running|--completed|--failed|--json|--clean]

Capability 1: Inbox Summary

Two modes — choose the correct one:

  1. Inbox (DEFAULT — use unless user says "all"):

    gog gmail messages search "in:inbox" --account "$GMAIL_ACCOUNT" --max 50 --plain
    
  2. All unread (ONLY when user explicitly says "all"):

    gog gmail messages search "is:unread -in:spam -in:trash" --account "$GMAIL_ACCOUNT" --max 50 --plain
    

Returns TSV: ID, THREAD, DATE, FROM, SUBJECT, LABELS.

To fetch a specific message: gog gmail get <message-id> --account "$GMAIL_ACCOUNT" --format full --json

Format: List each message with From, Subject, Date. Mark unread with "**" prefix. Group by sender if >20 messages.

Capability 2: Folder Structure

ALWAYS use background mode (takes 1-2 minutes).

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Folder Structure" \
    "bash skills/gmail-skill/bins/gmail-labels.sh '$GMAIL_ACCOUNT'"

Output: Tree view with label hierarchy using / separators. Show total and unread counts. Skip labels with 0 messages.

Capability 3: Clean Spam & Trash

ALWAYS use background mode. ALWAYS run the script. NEVER skip it.

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Spam & Trash Cleanup" \
    "bash skills/gmail-skill/bins/gmail-cleanup.sh '$GMAIL_ACCOUNT'"

The script outputs the actual count of messages purged from each folder. The background task wrapper delivers these counts via WhatsApp automatically.

Your reply after launching:

"Purging your spam and trash now. You'll get the results on WhatsApp when it's done."

NEVER say "0 messages" or "already clean" without running the script. The script is the only source of truth.

Capability 4: Move Messages to Label (Interactive)

CRITICAL RULES:

  • ONLY move messages that are in the INBOX. NEVER search or move messages from other folders.
  • MUST use gmail-move-to-label.sh script. NEVER use raw gog gmail batch modify directly.
  • MUST show messages to user and get confirmation before moving. NEVER bulk-move without explicit user approval.
  • MUST follow the multi-step workflow below. NEVER skip steps.

Step 1 — Find the target label

bash skills/gmail-skill/bins/gmail-move-to-label.sh "$GMAIL_ACCOUNT" --search-labels "<keywords>"

Show matching labels as a numbered list. Let user pick one.

Step 2 — List INBOX messages (ONLY inbox)

bash skills/gmail-skill/bins/gmail-move-to-label.sh "$GMAIL_ACCOUNT" --list-inbox 50

Show messages as a table. Let user select which message IDs to move. NEVER auto-select.

Step 3 — Confirm and move

Tell user: "Moving N message(s) to [label]. Proceed?" Wait for yes.

bash skills/gmail-skill/bins/gmail-move-to-label.sh "$GMAIL_ACCOUNT" --move "<label>" <msg-id-1> <msg-id-2>

Step 4 — Offer undo

bash skills/gmail-skill/bins/gmail-move-to-label.sh "$GMAIL_ACCOUNT" --undo "<label>" <msg-id-1> <msg-id-2>

Capability 5: Delete Labels

CRITICAL: Destructive. Follow confirmation workflow exactly.

  1. Confirm intent and ask: delete messages too, or labels only?
  2. Require user to type exactly DELETE to confirm.
  3. ALWAYS use background mode:

With messages (trashes messages, then deletes labels):

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Delete Label: <name>" \
    "bash skills/gmail-skill/bins/gmail-delete-labels.sh '<name>' --delete-messages '$GMAIL_ACCOUNT'"

Labels only:

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Delete Label: <name>" \
    "bash skills/gmail-skill/bins/gmail-delete-labels.sh '<name>' '$GMAIL_ACCOUNT'"

Note: Messages are trashed (auto-deleted by Gmail after 30 days). Labels are deleted via the Gmail API using Python.

Capability 6: Delete Old Messages by Date

Requires both a label AND a date. Confirm with user (require DELETE), then:

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Delete Old Messages: <label> before <date>" \
    "bash skills/gmail-skill/bins/gmail-delete-old-messages.sh '<label>' '<MM/DD/YYYY>' '$GMAIL_ACCOUNT'"

Deletion mode: If a full-scope token exists (~/.gmail-skill/full-scope-token.json), messages are permanently deleted. Otherwise, messages are trashed (auto-deleted after 30 days). Run gmail-auth-full-scope.sh once to enable permanent delete.

Capability 7: Full-Scope Authorization

One-time setup to enable permanent message deletion (instead of trash).

bash skills/gmail-skill/bins/gmail-auth-full-scope.sh "$GMAIL_ACCOUNT"

Opens a browser for OAuth consent with the https://mail.google.com/ scope. Token is stored at ~/.gmail-skill/full-scope-token.json. Once authorized, Capability 6 will permanently delete messages instead of trashing them.

Convenience Wrappers

gmail-bg — Shortcut for gmail-background-task.sh that auto-sources .env:

bash skills/gmail-skill/bins/gmail-bg "<task-name>" "<command>"

gmail-jobs — Shortcut for gmail-bg-status.sh:

bash skills/gmail-skill/bins/gmail-jobs [--running|--completed|--failed|--json|--clean]

Scheduled Daily Run

bash skills/gmail-skill/bins/gmail-background-task.sh \
    "Daily Email Digest" \
    "bash skills/gmail-skill/bins/gmail-daily-digest.sh '$GMAIL_ACCOUNT'"

Summarizes all unread emails + cleans spam/trash. Results delivered via WhatsApp.

Security recommendations
Key points to consider before installing:

  • Metadata mismatch: The registry claims no required env vars/binaries, but SKILL.md and the scripts require the 'gog' CLI and GMAIL_ACCOUNT, and the background wrapper requires WHATSAPP_NOTIFY_TARGET. Ask the author to correct the declared requirements.
  • Full Gmail scope: The included gmail-auth-full-scope.sh requests https://mail.google.com/ (full access) and saves a persistent token at ~/.gmail-skill/full-scope-token.json. That token allows permanent deletion of messages. Only grant this to software you fully trust; consider running the auth script manually and inspecting the token lifecycle.
  • Automatic WhatsApp notifications: The background wrapper daemonizes tasks and sends WhatsApp updates (including the last ~50 lines of the task log) every ~30s to WHATSAPP_NOTIFY_TARGET via openclaw message send. This can leak message metadata or other sensitive output to the notification target. If you do not want logs sent externally, do not set WHATSAPP_NOTIFY_TARGET or modify the wrapper.
  • Local credentials access: Scripts read gog credentials from standard config paths and call 'gog auth tokens export'. This means the skill will access other stored credentials — verify you are comfortable with that and that gog credentials are not used by other critical services.
  • Persisted background jobs: The skill creates ~/.gmail-skill/jobs and uses /tmp logs. Background jobs continue after agent timeouts. Confirm you want detached processes that can run independently and send notifications.

Recommended actions:

  1. Request corrected metadata and an explanation from the skill author (declare WHATSAPP_NOTIFY_TARGET, gog requirement, and full-scope intent).
  2. Review the scripts line-by-line (they are included) or have a trusted admin do so; test on a non-production/test Gmail account first.
  3. If you do install, do not run the full-scope OAuth flow unless necessary; prefer gmail.modify scope if you only need trashing (not permanent deletion).
  4. Remove or disable WhatsApp notifications (or set the notify target to a controlled test number) if you are concerned about data leakage from logs.

If any of the above items are unacceptable, treat this skill as high-risk and do not install it in an account containing sensitive emails.
Functional analysis
Type: OpenClaw Skill
Name: gmail-skill
Version: 1.2.0
The skill is classified as suspicious due to a critical Remote Code Execution (RCE) vulnerability in `bins/gmail-background-task.sh`. The script uses `eval "$COMMAND"` to execute tasks, allowing arbitrary shell command injection if the `$COMMAND` argument can be influenced by an attacker (e.g., via prompt injection against the AI agent). Furthermore, the output of the executed command is sent to the `WHATSAPP_NOTIFY_TARGET`, which could facilitate data exfiltration if the RCE vulnerability is exploited. While the `SKILL.md` attempts to enforce secure usage by mandating the wrapper, the wrapper itself contains this severe flaw.
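The `eval "$COMMAND"` pattern named above, set beside an argv-based alternative, as an added example that is not the skill's own code. `run_task_eval`, `run_task_argv`, the stand-in `delete-labels.sh` and the label value are all constructed for illustration; the page shows nothing of the real wrapper beyond the `eval`.

```shell
#!/bin/sh
# Added example. Every name here is a constructed stand-in, not the skill's code.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Stand-in for gmail-delete-labels.sh: only reports the label it received.
cat > "$WORK/delete-labels.sh" <<'EOF'
printf 'label=%s\n' "$1"
EOF

# Pattern named in the analysis: the whole task is one string handed to eval,
# so any quote inside a substituted value is parsed as shell syntax.
run_task_eval() {
    COMMAND=$1
    eval "$COMMAND"
}

# Alternative: the task is an argv vector. The script name is checked against
# an allowlist and the arguments are never re-parsed by a shell.
run_task_argv() {
    script=$1
    shift
    case "$script" in
        delete-labels.sh) ;;
        *) echo "refused: $script" >&2; return 64 ;;
    esac
    sh "$WORK/$script" "$@"
}

# Constructed label name containing a single quote, as could arrive from
# user- or email-derived text placed in the '<name>' slot of the command.
LABEL="Old'; echo INJECTED; echo '"

# Same quoting shape as the Capability 5 command string in SKILL.md.
demo_eval() { run_task_eval "sh '$WORK/delete-labels.sh' '$LABEL' acct"; }
# Same request expressed as separate arguments.
demo_argv() { run_task_argv delete-labels.sh "$LABEL" acct; }

echo "--- eval: label is cut at the quote, the rest runs as commands ---"
demo_eval
echo "--- argv: the whole value reaches the script as one argument ---"
demo_argv
```

Adopting the argv form means changing the wrapper's interface from a single command string to a script name plus arguments, which also changes how SKILL.md would have to invoke it.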
Capability assessment
Purpose & Capability
The name/description (Gmail automation: summarize, labels, purge, filing, deletion) is consistent with the included scripts, but the package metadata advertised no required env vars/binaries while SKILL.md and scripts clearly require the 'gog' CLI and a GMAIL_ACCOUNT env var. The scripts also read gog credentials from the user's home (~/Library/Application Support/gogcli or ~/.config/gogcli) and call 'gog auth tokens export' — accessing other tool credentials is not declared in the registry and is unexpected to a casual reader. The skill also includes an OAuth helper that requests full Gmail scope (permanent delete) — that level of access is plausible for a deletion feature but should be explicitly declared and justified in metadata.
Instruction Scope
SKILL.md enforces that the agent MUST run provided shell scripts (never skip, never fabricate results) and MUST use the gmail-background-task.sh wrapper for many capabilities. The wrapper daemonizes tasks and repeatedly sends WhatsApp progress updates including the last lines of the task log (tail -50). That means log contents (which may include message metadata and possibly message snippets emitted by other scripts) will be sent out-of-band to a WhatsApp target. The SKILL.md lists only GMAIL_ACCOUNT in requires, but the wrapper actually requires WHATSAPP_NOTIFY_TARGET (and optionally WHATSAPP_UPDATE_INTERVAL). The instructions also insist the agent never use timeout or run scripts directly, forcing use of the notifier wrapper.
Install Mechanism
There is no install spec (instruction-only), but the package contains multiple executable scripts that will be written to disk when the skill is installed and executed by the agent. No external downloads/URLs are used by the scripts themselves. Because code is present and executed, this is higher risk than a pure instructions-only skill, but there is no remote installer or URL extraction step.
Credentials
The top-level registry metadata claimed no required env vars, but SKILL.md declares GMAIL_ACCOUNT and the scripts in practice require additional environment settings: WHATSAPP_NOTIFY_TARGET and optionally WHATSAPP_UPDATE_INTERVAL. The scripts also depend on gog CLI and on gog credentials stored in the user's config directory (they read credentials.json and export tokens). The gmail-auth-full-scope.sh grants and stores a full-scope token (~/.gmail-skill/full-scope-token.json) capable of permanent deletion. Requesting/creating a persistent full‑scope token and reading other CLI credentials is a high‑privilege action and should be explicitly declared; its absence from metadata is a notable mismatch.
Persistence & Privilege
The skill writes persistent artifacts under ${HOME}/.gmail-skill (job registry and, optionally, a full-scope OAuth token) and daemonizes background jobs that survive the agent runtime. The background monitor will repeatedly send WhatsApp updates (and final results) using openclaw message send. Persisting a full-scope token and running detached processes that automatically send external notifications increases blast radius — combined with the undeclared WhatsApp notifier this is a meaningful privilege escalation relative to a simple query/summary skill.
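How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install gmail-skill
  3. Once installed, call the Skill by name or trigger it with /gmail-skill
  4. Provide the required inputs according to the Skill's parameter documentation to get structured output
Version history
v1.2.0
Rename from gmail-agent to gmail-skill; update all references, paths, and docs
Metadata
Slug gmail-skill
Version 1.2.0
License
Total installs 6
Current installs 6
Historical versions 1
FAQ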

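What is Gmail Skill?

Gmail automation: summarize, labels, spam purge, filing, deletion, permanent delete. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 974 total downloads to date.

How do I install Gmail Skill?

Run the command "/install gmail-skill" in the OpenClaw or Claude Code chat box for one-click installation; no additional configuration is required.

Is Gmail Skill free?

Yes, Gmail Skill is completely free (free and open source) and can be freely downloaded, installed and used.

Which platforms does Gmail Skill support?

Gmail Skill runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed Gmail Skill?

Developed and maintained by r39132 (@r39132); the current version is v1.2.0.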
