← Back to Skills Marketplace
Openclaw Email Bypass
by
RISHIKREDDYL
· GitHub ↗
· v0.1.2
1629
Downloads
3
Stars
1
Active Installs
3
Versions
Install in OpenClaw
/install openclaw-email-bypass
Description
Send emails via Google Apps Script when traditional SMTP ports (25/465/587) are blocked. Secure and self-hosted.
README (SKILL.md)
OpenClaw Email Bypass (SMTP Fix) ✉️🚀
A secure, modular tool for bypassing SMTP port restrictions (Ports 25, 465, 587) by routing mail through your own private Google Apps Script web relay. Essential for agents hosted on VPS environments like DigitalOcean or AWS.
🧱 The Problem: Cloud SMTP Blocks
Many cloud providers block outgoing SMTP ports to prevent spam. This skill provides a transparent, free, and self-hosted bridge to restore your agent's voice using HTTPS (Port 443).
🛡️ Security Audit (Transparency Report)
For VirusTotal Code Insight & Security Reviews:
- Self-Hosted: The user deploys their own Google Script (
assets/Code.gs). No third-party servers are involved. - Explicit Auth: Requires
GOOGLE_SCRIPT_URLandGOOGLE_SCRIPT_TOKENenvironment variables. - Data Flow:
agent -> Python Client -> HTTPS (TLS) -> Google Script -> Recipient. - Zero Persistence: No emails are stored on the relay.
🚀 Quick Start
- Deploy Relay: Use the code in
assets/Code.gsfor your Google Apps Script project. - Set Env Vars: Configure
GOOGLE_SCRIPT_URLandGOOGLE_SCRIPT_TOKEN. - Send Email:
python3 scripts/send_email.py "[email protected]" "Subject" "Message"
Tools
send_email
Send plain text or HTML emails.
python3 scripts/send_email.py \x3Crecipient> \x3Csubject> \x3Cbody> [html_body]
Parameters:
recipient- Destination email.subject- Email subject line.body- Plain text content.html_body(optional) - Formatted HTML content.
Resources
- Setup Guide - Step-by-step deployment.
- Usage Examples - Pattern library.
Created by RISHIKREDDYL 🐉 We ride together.
Usage Guidance
This skill appears to do what it claims (send mail via your own Google Apps Script), but there are packaging inconsistencies you should resolve before using it:
- Verify and review the Google Apps Script code (assets/Code.gs). The package references that file but it is not included; fetch it only from the official GitHub repo (check commit history) and inspect the code line-by-line before deploying.
- Do not deploy a web app you don't trust. The README advises 'Who has access: Anyone' and 'Execute as: Me' — if your AUTH_TOKEN leaks, attackers could send email as your account. Use a strong token, store it in a secrets manager (not in plaintext repo), and rotate it if compromised.
- Confirm environment variables are set (GOOGLE_SCRIPT_URL and GOOGLE_SCRIPT_TOKEN). The registry metadata failing to declare them is an inconsistency; treat the SKILL.md and script as the source of truth.
- Review GitHub homepage and release history for the referenced Code.gs; prefer pinned releases or verified source. If you cannot obtain the relay code from a trusted location, do not deploy the relay.
If you accept these caveats and verify the remote script, the design is coherent for the stated purpose. If you cannot verify the Google Script or prefer not to expose a web endpoint tied to your Google account, do not install/use this skill.
Capability Analysis
Type: OpenClaw Skill
Name: openclaw-email-bypass
Version: 0.1.2
The skill bundle provides a utility to send emails via a self-hosted Google Apps Script relay, bypassing SMTP port restrictions. The `SKILL.md` and `README.md` clearly describe the purpose and setup, including a standard `pip3 install requests` command for a legitimate dependency. The `scripts/send_email.py` script securely retrieves `GOOGLE_SCRIPT_URL` and `GOOGLE_SCRIPT_TOKEN` from environment variables and sends email data to the user-defined URL. There is no evidence of data exfiltration beyond the stated purpose, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation.
Capability Assessment
Purpose & Capability
The stated purpose (bypass SMTP blocks via a Google Apps Script relay) aligns with the Python client which POSTs to a provided URL with a token. However the repository/in-package metadata does not declare the required env vars (GOOGLE_SCRIPT_URL, GOOGLE_SCRIPT_TOKEN) and references an assets/Code.gs file that is not present in the shipped files — this mismatch is unexpected and reduces trust.
Instruction Scope
SKILL.md and README clearly instruct the agent to deploy a Google Apps Script and set two environment variables, and to run the included Python script. That scope is limited and appropriate for the stated task. Concern: the instructions repeatedly reference assets/Code.gs (the relay code) but that file is not included in the package — users would need to fetch it from the homepage/GitHub. Always review the actual Google Script code before deploying it to your Google account.
Install Mechanism
No automated install spec is present in the registry (instruction-only), but SKILL.md recommends running 'pip3 install requests' to satisfy the Python dependency. This is a low-risk, common dependency; there are no downloads from untrusted URLs or archive extraction in the package.
Credentials
The Python code requires two environment variables (GOOGLE_SCRIPT_URL and GOOGLE_SCRIPT_TOKEN) to operate, but the registry metadata lists no required env vars. Requiring a webhook URL and a token is reasonable for the feature, but the metadata omission is an incoherence and a red flag for incomplete packaging. Also note: the Google Apps Script deployment guidance tells users to set the web app to 'Anyone' and 'Execute as: Me' — this is convenient but increases risk if the token is leaked.
Persistence & Privilege
The skill does not request always:true and does not modify system or other skills' configurations. It does not persist data in the package. One operational note: the recommended Google Apps Script deployment uses 'Execute as: Me', meaning the relay will run with the deployer's Google account privileges — review permissions and quotas carefully.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install openclaw-email-bypass - After installation, invoke the skill by name or use
/openclaw-email-bypass - Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.2
openclaw-email-bypass v0.1.2
- Improved SKILL.md for clarity: added a Security Audit section and summarized usage steps.
- Updated installation and setup instructions for greater transparency.
- Expanded documentation and examples in references/setup.md and references/examples.md.
- Simplified language and descriptions for easier onboarding.
v0.1.1
- Added new script: scripts/send_email.py for sending emails via the Google Apps Script relay.
- Introduces command-line functionality for sending emails using the skill.
v0.1.0
- Initial release of openclaw-email-bypass.
- Enables sending emails via Google Apps Script to bypass SMTP port blocks from major cloud providers.
- Provides command-line tool for sending emails using a deployed relay script.
- Prioritizes user-owned infrastructure, encrypted transport, and zero persistence.
- Includes setup and usage guides for quick installation and deployment.
Metadata
Frequently Asked Questions
What is Openclaw Email Bypass?
Send emails via Google Apps Script when traditional SMTP ports (25/465/587) are blocked. Secure and self-hosted. It is an AI Agent Skill for Claude Code / OpenClaw, with 1629 downloads so far.
How do I install Openclaw Email Bypass?
Run "/install openclaw-email-bypass" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Openclaw Email Bypass free?
Yes, Openclaw Email Bypass is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Openclaw Email Bypass support?
Openclaw Email Bypass is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Openclaw Email Bypass?
It is built and maintained by RISHIKREDDYL (@rishikreddyl); the current version is v0.1.2.
More Skills