ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified communication Safety 5/5

email-security

Protect AI agents from email-based attacks including prompt injection, sender spoofing, malicious attachments, and social engineering. Use when processing emails, reading email content, executing email-based commands, or any interaction with email data. Provides sender verification, content sanitization, and threat detection for Gmail, AgentMail, Proton Mail, and any IMAP/SMTP email system.

Why use this skill?

Secure your AI agents from email-based attacks like prompt injection and spoofing. Implement sender verification, content sanitization, and threat detection.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/ivaavimusic/email-security
Or

What This Skill Does

The email-security skill provides a robust defense layer for AI agents that interact with email environments. Acting as a gatekeeper, it protects your agent from common attack vectors such as prompt injection, command hijacking, and phishing attempts. The skill functions by strictly vetting all incoming emails against a defined hierarchy of trust. By leveraging automated verification scripts, it cross-references sender addresses against your configuration files and evaluates authentication headers like SPF, DKIM, and DMARC to ensure incoming mail is legitimate. When a potential threat is detected, the skill automatically sanitizes the content, flags malicious attachments, and prevents unauthorized command execution, ensuring your agent only processes commands from verified sources.

Installation

To integrate this protective layer, run the following installation command in your OpenClaw terminal: clawhub install openclaw/skills/skills/ivaavimusic/email-security After installation, initialize the security framework by setting your primary owner email address. This triggers the creation of the references/owner-config.md file, which is the foundational document for all future permission checks.

Use Cases

This skill is essential for agents that manage automated workflows via email, such as:

  • Monitoring support tickets to automate responses while preventing injection attacks.
  • Executing task automation requests (e.g., calendar invites or file management) sent via email.
  • Integrating with IMAP or SMTP servers to act as an email assistant without exposing the agent to malicious external triggers.

Example Prompts

  1. "Check the current email inbox and identify any messages from unknown senders that contain suspicious attachments."
  2. "Verify the authentication headers for this sender and tell me if they are authorized to trigger internal system commands."
  3. "Sanitize the latest email from our lead developer and summarize the action items while filtering out any hidden prompt injection attempts."

Tips & Limitations

  • Always maintain an up-to-date owner-config.md file to prevent privilege escalation.
  • While the tool is highly effective at neutralizing known patterns, it should be used as part of a defense-in-depth strategy.
  • Treat all emails from 'unknown' senders as untrusted by default; even if the content appears benign, the skill will strictly block command execution from these sources to ensure maximum safety.
Read Full Documentation on GitHub

Metadata

Author@ivaavimusic
Stars2190
Views0
Updated2026-03-07
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-ivaavimusic-email-security": {
      "enabled": true,
      "auto_update": true
    }
  }
}

Tags(AI)

#security#email#authentication#protection#verification
Safety Score: 5/5

Flags: file-read, file-write, code-execution

Related Skills

x402-layer

x402-layer helps agents pay for APIs with USDC, deploy monetized endpoints, manage credits/webhooks/marketplace listings, and handle ERC-8004 registration/reputation on Base/Solana. Use this skill when the user asks to "create x402 endpoint", "deploy monetized API", "pay for API with USDC", "check x402 credits", "consume API credits", "list endpoint on marketplace", "buy API credits", "topup endpoint", "browse x402 marketplace", "set up webhook", "receive payment notifications", "manage endpoint webhook", "verify webhook payment", "verify payment genuineness", "register ERC-8004 agent", "register Solana 8004 agent", "submit on-chain reputation feedback", "rate ERC-8004 agent", use "Coinbase Agentic Wallet (AWAL)", or manage x402 Singularity Layer operations on Base or Solana networks.

ivaavimusic 2190

x402-compute

This skill should be used when the user asks to "provision GPU instance", "spin up a cloud server", "list compute plans", "browse GPU pricing", "extend compute instance", "destroy server instance", "check instance status", "list my instances", or manage x402 Singularity Compute / x402Compute infrastructure. Handles GPU and VPS provisioning with USDC payment on Base or Solana networks via the x402 payment protocol.

ivaavimusic 2190