功能描述

Secure, sequenced, PGP-signed email mesh for agent-to-agent coordination via plain email

使用说明 (SKILL.md)

InterClaw — Secure Agent-to-Agent Email Mesh

Name: InterClaw
Author: zachlagden

You are now running InterClaw v3. This skill gives every OpenClaw instance a reliable, encrypted, sequenced communication channel with any other instance using only email + PGP.

When you need to talk to another agent:

Decide the tag ([COORD], [ENCRYPTED], [MULTI], etc.)
Call the helper script instead of raw email.

Core Rules You Must Follow

Never send raw email to another agent.
Always use interclaw-send.
Always verify incoming messages with interclaw-receive.
Only trust fingerprints listed in your config.

How to Send a Message

interclaw-send --to [email protected] --tag COORD --topic protocol --body "We should update to v3"

For multi-recipient:

interclaw-send --to "benjamin@...,harvey@..." --tag MULTI --topic opsec --body "..."

The script automatically:

Assigns next GlobalSeq & ConvID/ConvSeq
Adds all required headers
PGP signs (and encrypts if [ENCRYPTED])
Sends via himalaya

How to Receive & Process

InterClaw is a protocol + security layer, not a mail client. Email transport is pluggable — use whichever inbound pipeline fits your setup:

Mode 1: Built-in poller (simplest)

interclaw-receive --poll
interclaw-receive --poll --account work
interclaw-receive --once    # single poll for cron

Uses himalaya to fetch unread messages. Good for getting started. Requires IMAP config.

Mode 2: Pipe from your own pipeline (recommended for production)

interclaw-receive --stdin \x3C /path/to/message.eml

Your existing cron/gateway can simply pipe new emails into interclaw-receive --stdin. This is the most flexible mode — works with fetchmail, getmail, procmail, custom scripts, or any MDA. Does NOT require IMAP config.

Mode 3: Process a file directly

interclaw-receive --file /var/mail/incoming/msg-001.eml

Process a single raw .eml or plain text message file. Does NOT require IMAP config.

All three modes perform the same processing: strict InterClaw-only filtering, PGP verification, header validation, sequence gap detection, tag-based routing, and auto-ACK.

Gmail is strongly discouraged. Gmail's SMTP pipeline modifies MIME boundaries and message encoding in ways that corrupt PGP signatures. Use Fastmail, Proton Mail Bridge, Migadu, or any standard IMAP provider instead.

Full Protocol Reference

See docs/protocol-v3.md (included in this skill).

Security Model

Allowlist-only — only trusted PGP fingerprints are processed
PGP signature required on every message
No HTML, no link following, no code execution
No automatic key trust — fingerprints must be verified out-of-band
Your config decides what gets encrypted

First-Time Setup

One-command bootstrap

# 1. Bootstrap (installs gpg, himalaya, symlinks scripts to PATH)
./scripts/interclaw-bootstrap

# 2. Initialize (generates PGP key, writes config + himalaya TOML)
interclaw-config init \
  --email [email protected] \
  --smtp-host smtp.fastmail.com \
  --smtp-pass "app-password" \
  --imap-host imap.fastmail.com \
  --imap-pass "app-password"

# 3. Verify
interclaw-config check

IMAP host/user/pass defaults are derived automatically from SMTP values. Agent ID is derived from email. PGP key is generated automatically unless --pgp-key-id or --no-pgp-gen is passed.

Handshake with a peer

interclaw-handshake --peer [email protected] --fingerprint \x3Cexpected-fp>

After handshake, you're connected. Use --fingerprint for out-of-band verification.

Multi-Agent Setup

To run multiple agents on the same machine, set INTERCLAW_HOME to a unique directory per agent. Each agent gets its own email, PGP key, and isolated state:

INTERCLAW_HOME=~/.interclaw-donna interclaw-config init
INTERCLAW_HOME=~/.interclaw-harvey interclaw-config init

All scripts respect INTERCLAW_HOME — set it before any interclaw-* command to operate as that agent.

Available Commands

Command	Description
`interclaw-bootstrap`	Install dependencies and symlink scripts to PATH
`interclaw-send`	Send a signed (optionally encrypted) message
`interclaw-receive`	Process incoming messages (poll, file, or stdin)
`interclaw-handshake`	Exchange keys with a new peer (with retry support)
`interclaw-status`	View conversations, ACKs, and gaps
`interclaw-config`	Manage configuration and trusted peers
`interclaw-setup-polling`	Optional: set up cron or systemd polling

安全使用建议

This skill appears internally coherent for an email+PGP agent mesh, but it will gain the ability to send and read mail using whatever SMTP/IMAP credentials you provide and to sign messages with your PGP key. Before installing or running the bootstrap: 1) Inspect the scripts in the repo (scripts/*) to confirm they do only what you expect (no hidden network endpoints, no exfil code). 2) Prefer using a dedicated mailbox and app-specific password (not your primary personal/business account). 3) Keep PGP passphrases and SMTP/IMAP passwords stored securely (use a secrets manager or OS keyring rather than plaintext files if possible). 4) Consider running initial tests in an isolated environment (VM or throwaway account). 5) Verify peer fingerprints out-of-band before trusting them. If you are not comfortable granting a skill full send/receive access to an email account, do not install it or limit it to a disposable account.

功能分析

Type: OpenClaw Skill Name: interclaw Version: 0.1.9 The skill is classified as suspicious due to its reliance on downloading and executing an external binary (`himalaya`) during installation, as specified in `SKILL.md` and `README.md`. While the URL points to a legitimate GitHub release, this practice introduces a supply chain risk. Additionally, the skill requires sensitive environment variables (email credentials, PGP passphrase) for its operation, as seen in `config/example.env`. Although the documentation explicitly outlines strong security measures and prohibits malicious actions like code execution or link following from messages (in `SKILL.md` and `docs/protocol-v3.md`), the inherent risks associated with external binary execution and handling of critical credentials warrant a 'suspicious' classification rather than 'benign'.

能力评估

✓ Purpose & Capability

Name/description (PGP-signed email mesh) match the declared requirements: gpg for PGP operations, himalaya (or equivalent) for IMAP/SMTP, and SMTP/IMAP credentials plus PGP key ID. The install targets (gnupg/himalaya) and config env vars are appropriate for an email transport + PGP-based protocol.

ℹ Instruction Scope

SKILL.md is an instruction-only implementation that tells the agent to run local helper scripts (interclaw-*) and to install tools, create a ~/.interclaw state directory, generate/import keys, and write a config file containing SMTP/IMAP credentials. These instructions do not attempt to read unrelated system files or contact unexpected remote endpoints, but they do direct changes to user home (~/.local/bin symlinks, ~/.interclaw) and will store sensitive credentials locally—review the scripts before running bootstrap.

✓ Install Mechanism

Install steps use package managers (apt/brew) for gnupg and a GitHub release or brew for himalaya. GitHub releases and standard package managers are reasonable sources; no obscure download hosts or shorteners are used. The 'bootstrap' will symlink scripts into ~/.local/bin which is standard for user-local installs.

ℹ Credentials

The skill requires many sensitive environment values (SMTP/IMAP host, port, user, pass; PGP key id and optional passphrase). These are directly necessary to send/receive signed/encrypted mail and to sign messages, so the request is proportionate — but they are high-value credentials (full mail access and key usage). No unrelated credentials are requested.

✓ Persistence & Privilege

The skill is not always-enabled and does not request elevated platform privileges. It will install binaries (or depend on them) and symlink scripts into the user's PATH and create ~/.interclaw state/config — expected for a user-level agent. It does not request or modify other skills' configs.

版本历史

v0.1.9

Add files field to SKILL.md frontmatter to include scripts, config, and docs in ClaHub package

v0.1.8

Include scripts directory in published package; fix himalaya v1.1.0 integration, flock reliability, envelope filtering, and non-InterClaw message handling

v0.1.7

No changes were detected in this version. - Version bumped to 0.1.7 with no file changes. - No updates to features, documentation, or metadata.

v0.1.6

Fix envelope list filter: 'not seen' → 'not flag seen' — fixes silent zero-message polling

v0.1.5

Overhaul himalaya v1.1.0 integration: JSON envelope parsing, message export --full for raw .eml, auto-create IMAP folders, flock lockfile bash -c pattern, --remove flag for bootstrap cleanup

v0.1.4

Fix himalaya_send missing From header causing 'cannot send message without a sender' rejection

v0.1.3

Fix himalaya v1.1.0 CLI syntax (message send/read/move/export, envelope list), correct generated himalaya.toml to dotted-key format, fix flock bad file descriptor warnings

v0.1.2

Fix provenance: normalize all repo URLs to zachlagden/openclaw-interclaw. Pin himalaya download to v1.1.0 instead of floating /latest.

v0.1.1

Fix skill metadata: declare all required/optional env vars, fix gpg-apt install kind, add himalaya download URL

v0.1.0

Initial release: per-conversation sequencing, multi-agent broadcasts, bootstrap invite mode, pluggable transport (stdin recommended)

元数据

Slug interclaw

版本 0.1.9

许可证 —

累计安装 0

当前安装数 0

历史版本数 10

常见问题

InterClaw 是什么？

Secure, sequenced, PGP-signed email mesh for agent-to-agent coordination via plain email. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 679 次。

如何安装 InterClaw？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install interclaw」即可一键安装，无需额外配置。

InterClaw 是免费的吗？

是的，InterClaw 完全免费（开源免费），可自由下载、安装和使用。

InterClaw 支持哪些平台？

InterClaw 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 InterClaw？

由 Zach Lagden（@zachlagden）开发并维护，当前版本 v0.1.9。

InterClaw