← 返回 Skills 市场
Neynar Inbox
作者
rishavmukherji
· GitHub ↗
· v1.0.0
880
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install neynar-inbox
功能描述
Email for AI agents. Create mailboxes, send and receive emails via API. No browser, no OAuth.
使用说明 (SKILL.md)
Neynar Inbox
Email service built for AI agents. Create a mailbox, get an API key, send and receive real emails - all via REST API.
Quick Start
1. Create a mailbox (no auth needed)
curl -X POST https://neynar-inbox-api.rish-68c.workers.dev/v1/mailboxes \
-H "Content-Type: application/json" \
-d '{"displayName": "My Agent", "username": "myagent"}'
Response:
{
"id": "550e8400-e29b-41d4-a716-446655440000",
"address": "[email protected]",
"apiKey": "fi_abc123...",
"warning": "Store the apiKey securely - it cannot be retrieved again."
}
CRITICAL: Store the apiKey immediately. It is only returned once and cannot be recovered.
Username is optional (random address if omitted). Must be at least 6 characters, alphanumeric with dots/hyphens/underscores.
2. Send an email
curl -X POST https://neynar-inbox-api.rish-68c.workers.dev/v1/emails \
-H "Authorization: Bearer fi_your_api_key" \
-H "Content-Type: application/json" \
-d '{
"to": ["[email protected]"],
"subject": "Hello from my agent",
"text": "This email was sent by an AI agent!"
}'
3. Check inbox
curl https://neynar-inbox-api.rish-68c.workers.dev/v1/emails?direction=inbound \
-H "Authorization: Bearer fi_your_api_key"
RECOMMENDED: If you have heartbeat, cron, or scheduling capabilities, set up polling (every 30-60 seconds) right after creating your mailbox to catch replies.
4. Search emails
curl "https://neynar-inbox-api.rish-68c.workers.dev/v1/search?q=invoice" \
-H "Authorization: Bearer fi_your_api_key"
API Reference
Base URL: https://neynar-inbox-api.rish-68c.workers.dev/v1
Authentication: Authorization: Bearer \x3Capi_key> (all endpoints except mailbox creation)
| Method | Endpoint | Description |
|---|---|---|
| POST | /v1/mailboxes | Create mailbox (no auth, returns apiKey) |
| GET | /v1/mailboxes | List your mailbox |
| DELETE | /v1/mailboxes/:id | Delete mailbox |
| POST | /v1/mailboxes/:id/rotate | Rotate API key |
| POST | /v1/emails | Send email |
| GET | /v1/emails | List emails (?limit=50&offset=0&direction=inbound) |
| GET | /v1/emails/:id | Get single email |
| DELETE | /v1/emails/:id | Delete email |
| GET | /v1/search?q=query | Full-text search |
| POST | /v1/webhooks | Register webhook |
| GET | /v1/webhooks | List webhooks |
| DELETE | /v1/webhooks/:id | Remove webhook |
Email Object
{
"id": "uuid",
"direction": "inbound",
"from": "[email protected]",
"to": ["[email protected]"],
"subject": "Email subject",
"bodyText": "Plain text body",
"bodyHtml": "\x3Cp>HTML body\x3C/p>",
"status": "received",
"createdAt": "2024-01-15T10:00:00Z"
}
Webhooks
Register a webhook for real-time email notifications:
curl -X POST https://neynar-inbox-api.rish-68c.workers.dev/v1/webhooks \
-H "Authorization: Bearer fi_your_api_key" \
-H "Content-Type: application/json" \
-d '{"url": "https://your-server.com/webhook", "events": ["email.received"]}'
Verify signatures via X-Webhook-Signature header (HMAC-SHA256 of body).
Error Codes
| Code | Description |
|---|---|
| 400 | Bad request |
| 401 | Unauthorized - missing or invalid API key |
| 403 | Forbidden |
| 404 | Not found |
| 409 | Username already taken |
| 500 | Server error |
Limits
- 3 mailboxes per account
安全使用建议
This skill is an instruction-only integration that calls an external email API. Before installing: (1) confirm you trust the API host — the SKILL.md uses a workers.dev domain while the metadata lists a neynar.ai homepage (this mismatch could be innocent but warrants verification). (2) Decide where the returned apiKey will be stored (agent secret store) and ensure it will be stored securely — the skill metadata does not declare a required credential. (3) Be aware that an autonomous agent using this skill can send and receive real email and could poll frequently; restrict or monitor autonomous behavior and outgoing messages if you are concerned about data exfiltration or spam. (4) Prefer using disposable mailboxes for testing, verify webhook signatures on your endpoints, and review any privacy/terms on the email provider website before granting long-term access.
功能分析
Type: OpenClaw Skill
Name: neynar-inbox
Version: 1.0.0
The skill bundle provides an API for email services, using `curl` to interact with a specific, hardcoded endpoint (`https://neynar-inbox-api.rish-68c.workers.dev`). The `SKILL.md` instructions are clear, functional, and directly related to creating mailboxes, sending/receiving emails, and managing API keys. There is no evidence of prompt injection attempting to subvert the agent, data exfiltration to unauthorized destinations, malicious execution, or persistence mechanisms. The instructions for storing the API key and setting up polling are necessary for the skill's intended operation.
能力评估
Purpose & Capability
The skill's stated purpose (email API for agents) matches the runtime instructions (endpoints to create mailboxes, send/receive email). However there is an inconsistency between the declared homepage (https://email.neynar.ai in metadata) and the actual API base URL used in the instructions (https://neynar-inbox-api.rish-68c.workers.dev). The SKILL.md also exposes behavior (create mailbox without auth, returns apiKey) that implies the agent must manage secrets even though the skill metadata lists no primary credential — this mismatch is concerning.
Instruction Scope
Instructions are explicit about API calls and do not instruct reading arbitrary local files or unrelated credentials. They do, however, instruct the agent to store the returned apiKey securely and recommend polling every 30–60 seconds or registering webhooks — both of which imply persistent secret storage and regular network activity outside the agent's immediate interaction. That scope expansion (scheduling/persisting keys) is not declared elsewhere.
Install Mechanism
This is an instruction-only skill with no install spec or code files, which is lower risk. One minor inconsistency: the SKILL.md lists requires.bins: [curl], while the registry metadata provided earlier listed no required binaries. No downloads or extractable installs are present.
Credentials
The skill will produce and require an API key for authenticated calls, but requires.env and primary credential fields are empty in the package metadata. The runtime examples show Authorization: Bearer <apiKey>, so the agent or user will need to store that secret somewhere — yet the skill does not declare or request that storage. Absence of declared credential handling is a mismatch and could lead to accidental secret leakage if the agent stores the key insecurely.
Persistence & Privilege
always is false (good). The skill recommends polling every 30–60s or registering webhooks, and the platform allows autonomous invocation by default. That combination gives an agent the ability to send/receive arbitrary emails and perform frequent outbound connections; this is expected for an email integration but increases the blast radius if the agent acts without user oversight. Consider limiting autonomous use or monitoring outbound messages.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install neynar-inbox - 安装完成后,直接呼叫该 Skill 的名称或使用
/neynar-inbox触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release - email service for AI agents
元数据
常见问题
Neynar Inbox 是什么?
Email for AI agents. Create mailboxes, send and receive emails via API. No browser, no OAuth. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 880 次。
如何安装 Neynar Inbox?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install neynar-inbox」即可一键安装,无需额外配置。
Neynar Inbox 是免费的吗?
是的,Neynar Inbox 完全免费(开源免费),可自由下载、安装和使用。
Neynar Inbox 支持哪些平台?
Neynar Inbox 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Neynar Inbox?
由 rishavmukherji(@rishavmukherji)开发并维护,当前版本 v1.0.0。
推荐 Skills