
☤CaduceusMail

by lmtlssss · GitHub ↗ · v3.6.7
cross-platform ⚠ suspicious
Downloads: 446 · Stars: 0 · Active Installs: 1 · Versions: 10
Install in OpenClaw: /install caduceusmail
Description
☤CaduceusMail lets your OpenClaw automate an enterprise-level communications stack with one domain/mailbox combo.
README (SKILL.md)

☤CaduceusMail 3.6.7

Inbox-reliability optimization engine: automates sender trust hardening, identity rotation, and scale-ready outreach/support flows designed to keep your mail out of junk.

☤CaduceusMail is a shippable skill for enterprise-grade alias/domain control on top of a single Microsoft 365 mailbox and Cloudflare DNS zone.

OpenClaw skill adapter for an audited caduceusmail release artifact vendored inside this skill. It manages M365 + Cloudflare mail/DNS without a runtime npm fetch.

What this does

This skill is a thin adapter around the standalone caduceusmail package. On first use the wrapper:

  1. Verifies the vendored tarball against a pinned SHA-512 integrity value in vendor/caduceusmail-release.json
  2. Extracts the audited release into a skill-owned cache under ~/.local/share/caduceusmail-skill/toolchains
  3. Runs the CLI with a reduced environment and owner-only permissions on runtime state directories

It does not fetch code from npm at runtime, install a global package, or execute npm lifecycle scripts.
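
An independent pre-install check of a vendored tarball, written for this page as an added example (it is not the wrapper's or the project's own code). It assumes the pinned value is an npm-style SRI string ("sha512-" plus the base64 digest); the sample tarballs are constructed in memory, and the link/device rejection is a deliberately strict assumption.

```python
import base64, hashlib, hmac, io, tarfile
from pathlib import PurePosixPath

def sri_sha512(data: bytes) -> str:
    """npm-style SRI string (assumed format): 'sha512-' + base64(SHA-512 digest)."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()

def integrity_ok(data: bytes, pinned: str) -> bool:
    # Constant-time comparison of the computed and the pinned value.
    return hmac.compare_digest(sri_sha512(data), pinned)

def unsafe_members(data: bytes) -> list[str]:
    """Names of tar entries that could land outside the extraction directory."""
    bad = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for m in tar.getmembers():
            p = PurePosixPath(m.name)
            escapes = p.is_absolute() or ".." in p.parts
            # Strict policy for this example: links and device nodes are rejected too.
            if escapes or m.issym() or m.islnk() or m.isdev():
                bad.append(m.name)
    return bad

def review(data: bytes, pinned: str) -> str:
    """Hash first, and only inspect the archive listing once the hash matches."""
    if not integrity_ok(data, pinned):
        return "reject: integrity mismatch"
    bad = unsafe_members(data)
    return f"reject: unsafe entries {bad}" if bad else "ok"

def build_sample(names: list[str]) -> bytes:
    """Constructed .tgz with one small file per name (sample input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name in names:
            body = b"// constructed sample file\n"
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()

if __name__ == "__main__":
    good = build_sample(["package/package.json", "package/bin/cli.js"])
    pin = sri_sha512(good)                      # stands in for the manifest value
    print(review(good, pin))                    # untouched artifact
    print(review(good + b"\x00", pin))          # one appended byte
    evil = build_sample(["package/index.js", "package/../../outside.txt"])
    print(review(evil, sri_sha512(evil)))       # hash matches, listing does not pass
```

The third case is the reason to inspect the listing as well: a matching hash only shows the artifact is the one that was pinned, not that its contents are safe to extract.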

First move

Run the doctor through the secure wrapper before you do anything theatrical.

bash {baseDir}/scripts/run.sh doctor --json

Quick start

bash {baseDir}/scripts/run.sh bootstrap \
  --organization-domain "example.com" \
  --mailbox "[email protected]" \
  --bootstrap-auth-mode device

Daily headless run after bootstrap

bash {baseDir}/scripts/run.sh bootstrap \
  --organization-domain "example.com" \
  --mailbox "[email protected]" \
  --skip-m365-bootstrap

Lane operations

bash {baseDir}/scripts/run.sh provision-lane \
  --mailbox "[email protected]" \
  --local "support" \
  --domain "support-reply.example.com"

bash {baseDir}/scripts/run.sh verify-lane \
  --mailbox "[email protected]" \
  --alias-email "[email protected]" \
  --domain "support-reply.example.com"

bash {baseDir}/scripts/run.sh retire-lane \
  --mailbox "[email protected]" \
  --alias-email "[email protected]"

Hard Rules

  • never send group emails from one operation
  • never send one message to multiple recipients at once
  • treat no-reply lanes as intentional non-receiving identities (no MX + SPF -all profile)
  • delete defaults are reply-safe: aliases are retired with fallback continuity unless explicitly hard-removed

What this skill can do

  • bootstrap Graph and Exchange auth posture
  • hand off Microsoft device-login flows for VPS/SSH setups through OpenClaw gateway/browser hooks
  • audit credential and DNS posture
  • optimize root mail records
  • provision reply and no-reply lanes under subdomains
  • verify lane readiness
  • retire lanes with reply continuity
  • generate awareness snapshots and machine-readable state artifacts

OpenClaw runtime pattern

Prefer secret injection through skills.entries.caduceusmail.env over editing files. See examples/openclaw.config.json5. The wrapper forwards only the CaduceusMail/OpenClaw/M365/Cloudflare variables it needs plus terminal/headless hints, so unrelated host secrets are not passed through by default. External script resolution stays disabled unless CADUCEUSMAIL_ALLOW_EXTERNAL_SCRIPT_RESOLUTION=1 is set explicitly.
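
The reduced-environment behaviour described above (and in step 3 of "What this does"), sketched as an added example that is not the wrapper's own code. The variable names and prefixes are the ones this page mentions; the exact allow-list in scripts/run.sh is an assumption, and the host environment is constructed sample data.

```python
import os, subprocess, sys

# Allow-list assembled from names mentioned on this page (assumed, not copied from run.sh).
EXACT = {"HOME", "PATH", "LANG", "ORGANIZATION_DOMAIN"}
PREFIXES = ("CADUCEUSMAIL_", "OPENCLAW_", "EMAIL_ALIAS_FABRIC_",
            "ENTRA_", "EXCHANGE_", "CLOUDFLARE_", "SSH_", "TMP")

def reduced_env(host_env: dict) -> dict:
    """Keep only allow-listed variables; everything else is dropped."""
    return {k: v for k, v in host_env.items()
            if k in EXACT or k.startswith(PREFIXES)}

def dropped(host_env: dict) -> list:
    """Names that would NOT reach the child process (useful for an audit log)."""
    return sorted(set(host_env) - set(reduced_env(host_env)))

def child_sees(host_env: dict) -> set:
    """Start a child with env= set to the reduced dict and report what it sees.

    Passing env= replaces the inherited environment instead of merging into it,
    which is the same effect as `env -i NAME=value ... command` in a shell.
    """
    code = "import os; print('\\n'.join(os.environ))"
    out = subprocess.run([sys.executable, "-c", code], env=reduced_env(host_env),
                         capture_output=True, text=True, check=True).stdout
    return set(out.split())

# Constructed host environment: two skill credentials plus unrelated host secrets.
SAMPLE_HOST_ENV = {
    "HOME": "/home/operator",
    "PATH": os.environ.get("PATH", "/usr/bin:/bin"),
    "ENTRA_CLIENT_SECRET": "constructed-placeholder",
    "CLOUDFLARE_API_TOKEN": "constructed-placeholder",
    "CADUCEUSMAIL_ALLOW_EXTERNAL_SCRIPT_RESOLUTION": "0",
    "AWS_SECRET_ACCESS_KEY": "constructed-unrelated-secret",
    "GITHUB_TOKEN": "constructed-unrelated-secret",
}

if __name__ == "__main__":
    print("dropped:", dropped(SAMPLE_HOST_ENV))
    print("child sees:", sorted(child_sees(SAMPLE_HOST_ENV)))
```

The credentials the skill is given still reach the child process; the allow-list only keeps unrelated host secrets out of it.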

Security and Privilege Disclosure

This skill performs high-privilege operations by design:

  • Microsoft Graph app role grants
  • Exchange service principal and RBAC role assignments
  • Exchange accepted-domain tuning (optional flags)
  • Cloudflare DNS mutations for lane records

Runtime state artifacts are written under ~/.caduceusmail/intel with owner-only permissions. Env/secret persistence remains opt-in in the underlying tool, and any persisted env file is expected to stay owner-readable only. Use least-privilege credentials: a dedicated Entra service principal scoped to the required Graph/Exchange roles and a Cloudflare token limited to the target zone's DNS permissions.

Usage Guidance
This skill appears internally consistent with its stated purpose, but it will receive high-privilege credentials (Azure/Entra client secret and a Cloudflare token) which the vendored node CLI can use at runtime. Before installing or enabling:
  1. Verify you trust the vendored release artifact (review vendor/caduceusmail-3.6.7.tgz contents and the pinned repository/commit in vendor/caduceusmail-release.json).
  2. Use a dedicated least-privilege Entra service principal scoped only to the required Graph/Exchange roles and a Cloudflare token limited to the single zone.
  3. Keep CADUCEUSMAIL_ALLOW_EXTERNAL_SCRIPT_RESOLUTION unset (default 0) unless you explicitly need it.
  4. Consider running the wrapper's doctor command in a safe/test environment first to observe behavior.
If you cannot or do not want to trust the vendored CLI code, do not provide production credentials to this skill.
Capability Analysis
Type: OpenClaw Skill
Name: caduceusmail
Version: 3.6.7
The skill manages high-privilege enterprise infrastructure (Microsoft 365/Entra and Cloudflare DNS), requiring sensitive credentials such as ENTRA_CLIENT_SECRET and CLOUDFLARE_API_TOKEN. While the implementation demonstrates excellent security hygiene—including integrity verification of the vendored 'caduceusmail-3.6.7.tgz' in 'scripts/ensure-caduceusmail.sh' and strict environment isolation using 'env -i' in 'scripts/run.sh'—the inherent capability to mutate DNS records and mail configurations is classified as a high-risk capability.
Capability Assessment
Purpose & Capability
The name/description (M365/Exchange + Cloudflare DNS mailbox/domain automation) maps directly to the env vars requested (ENTRA_* for Azure/Graph, EXCHANGE_*, ORGANIZATION_DOMAIN, CLOUDFLARE_*). Required binaries (bash, node, python3) are used by the wrapper for verification and to run the vendored CLI; jq is declared in metadata (and is harmless if present). The request for high-privilege secrets is proportional to the declared operations (Graph app roles, Exchange RBAC, DNS mutations).
Instruction Scope
SKILL.md instructs running the included run.sh wrapper which: verifies/extracts a vendored tarball, creates a private state directory, and execs the vendored node CLI with a sanitized environment (env -i + explicit allow-list). The wrapper intentionally forwards only a focused set of env vars (plus any CADUCEUSMAIL_/OPENCLAW_*/EMAIL_ALIAS_FABRIC_* vars). This grants the vendored CLI full access to the service credentials you provide (ENTRA_CLIENT_SECRET, CLOUDFLARE_API_TOKEN) — which is expected, but you should understand the node process receives these secrets at runtime. The SKILL.md also documents the security posture and the external-script-resolution opt-in flag.
Install Mechanism
There is no network install at runtime; the skill vendors a tarball and a release manifest. The wrapper verifies SHA-1 and a pinned sha512 integrity value, prevents path-traversal during extraction, and sets restrictive permissions. No downloads from untrusted URLs occur by default. The code performs an on-disk install under a user-local XDG_DATA_HOME path.
Credentials
The set of required environment variables directly corresponds to the Microsoft/Exchange and Cloudflare operations the tool performs. The skill legitimately needs Entra/Azure client id/secret and Cloudflare token/zone id. The wrapper does read and forward a handful of general host env vars (HOME, PATH, LANG, SSH_*, TMP*), but it uses env -i to avoid leaking the full host environment and only forwards explicitly enumerated values. The documentation explicitly recommends least-privilege service principals and limited Cloudflare tokens.
Persistence & Privilege
The skill is not always-enabled, model invocation is allowed (normal), and runtime state is confined to a skill-owned directory (~/.caduceusmail and XDG_DATA_HOME/toolchains) with owner-only permissions. The skill may perform high-privilege Cloud/M365 operations by design, but it does not request system-wide or other-skills credentials, nor does it modify other skills' configuration. External script resolution is opt-in (default off).
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install caduceusmail
  3. After installation, invoke the skill by name or use /caduceusmail
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.6.7
Test publish with the original frontmatter plus the two original lead lines restored above the hardened adapter copy.
v3.6.9
Restored the original frontmatter and lead positioning, and aligned the vendored package and skill release back to 3.6.9.
v6.1.1
Hardened the skill around a pinned audited local release artifact, reduced env forwarding, and owner-only runtime state permissions.
v6.0.0
v6.0.0: re-engineered as thin OpenClaw adapter; operational logic now in standalone npm package (npm install -g caduceusmail)
v5.3.3
  • Updated version to 5.3.3 with documentation sync.
  • README.md, SKILL.md, and release notes updated to reflect latest guidance and usage patterns.
  • No behavioral or breaking changes; documentation and metadata refresh only.
v5.3.0
CaduceusMail 5.3.0
  • Adds support for Microsoft device-login handoff through OpenClaw gateway/browser hooks for SSH and VPS bootstrap scenarios.
  • If browser handoff cannot be performed, emits a dashboard URL and writes a `caduceusmail-login-handoff.json` file for manual completion.
  • Documentation and quickstart updated to reflect new login handoff options and clearer guidance on SSH/VPS workflows.
  • No changes to required environment variables or core operational flows.
v5.1.1
  • Updated documentation for SKILL.md with clarified mission, innovation summary, and strict operational rules.
  • Added "Hard Rules" and expanded "Innovation Summary" to better define safe automation patterns and skill scope.
  • Bumped version number to 5.1.1.
  • No behavioral or functional changes to code; update is documentation-focused.
  • All operational, security, and usage patterns remain unchanged.
v5.2.0
5.2.0 expands runtime requirements and documents privilege posture.
  • Updated required binaries and environment variables to include PowerShell, ripgrep, and more Azure/Cloudflare settings.
  • Expanded and clarified documentation about privilege requirements, credential use, and DNS mutations.
  • Added a new "Security and Privilege Disclosure" section, outlining high-privilege operations and explicit user consent for external script resolution.
  • PowerShell module management and artifact locations are now disclosed.
  • No changes to existing command flows; all prior operations remain compatible.
v5.1.0
Canonical 5.1.0 release: normalized slug/branding, added full testable repo surface, restored secure defaults (non-persistent by default), and tightened script-resolution safety.
v4.2.0
Initial canonical release
Metadata
Slug caduceusmail
Version 3.6.7
License
All-time Installs 1
Active Installs 1
Total Versions 10
Frequently Asked Questions

What is ☤CaduceusMail?

☤CaduceusMail lets your OpenClaw automate an enterprise-level communications stack with one domain/mailbox combo. It is an AI Agent Skill for Claude Code / OpenClaw, with 446 downloads so far.

How do I install ☤CaduceusMail?

Run "/install caduceusmail" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is ☤CaduceusMail free?

Yes, ☤CaduceusMail is completely free (open-source). You can download, install and use it at no cost.

Which platforms does ☤CaduceusMail support?

☤CaduceusMail is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created ☤CaduceusMail?

It is built and maintained by lmtlssss (@lmtlssss); the current version is v3.6.7.
