email-importance-content-analysis
Judge whether an email is important/urgent using content-based analysis rather than sender name or mailbox labels (which can be spoofed). Use when asked to triage emails, decide priority, detect phishing/social-engineering, or recommend next actions (reply/pay/login/download/click) based on what the message asks the user to do.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/shingo0620/email-importance-content-analysis
Email Importance Content Analysis
Use a subject/title-first triage, then perform technical verification (headers/links/attachments) only when warranted, and only then validate with content analysis. Treat sender display name, badges, labels, and “From” appearance as untrusted.
Workflow (title → technical → content)
1) Title/subject + sender triage (cheap first-pass)
Use only: subject line + sender (display name + email address/domain as shown). Do not click anything.
Important: treat the sender as a weak signal (it can be spoofed). Use it for triage only.
1A) Fast-drop rules (save time)
If the sender looks obviously sloppy/spoofed AND the email is not expected, classify as Likely scam/ads and stop (do not spend time on technical verification). Examples of fast-drop signals:
- Display name claims a bank/government/major brand but the address is from a free mailbox (gmail/outlook/163/qq) or unrelated domain
- Lookalike domains / typo-squatting: paypaI (I/l), micros0ft (0/O), extra -secure/-verify, weird punctuation
- Suspicious TLDs or brand stuffed into subdomain: brand.security-check.example.com
- Very unprofessional local-part patterns (random digits/strings) while claiming official identity
- Pure promo patterns (promo/marketing/news) + obvious sales subject ⇒ treat as ads
1B) Escalate rules (to technical verification)
Escalate for technical verification if subject OR sender implies any of:
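- Money/settlement: 扣款 (debit/charge), 圈存 (fund hold), 付款 (payment), 退款 (refund), 發票 (invoice), 帳單 (bill), 對帳單 (statement), 繳費 (fee payment)
- Account/security: 登入 (login), 驗證 (verification), 密碼重設 (password reset), 異常登入 (unusual login), 停權 (account suspended), 封鎖 (blocked), 安全警告 (security warning)
- Delivery/download: 文件下載 (document download), 取件號碼 (pickup number), 包裹 (parcel), 物流失敗 (delivery failed)
- Urgency/threat: 最後通知 (final notice), 24小時內 (within 24 hours), 立即 (immediately), 否則將… (or else …)
- Execution: 附件 (attachment), 請下載 (please download), 請開啟 (please open), 啟用巨集 (enable macros)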
If the subject is clearly marketing/newsletter and no action is implied ⇒ usually stop here (Low).
If it triggers the fast-drop rules, you may label it as:
- Importance: Low
- Risk: Medium–High (spoof attempt)
- Next step: Do not click; optionally mark as spam/block
2) Technical verification (only for emails that passed title triage)
Prefer evaluating raw email headers / “Show original” output (or via gog gmail get). Check:
- Authentication-Results: SPF / DKIM / DMARC results (pass|fail|neutral) and note which domain they authenticate
- Alignment: whether DKIM d= domain / SPF MAIL FROM / DMARC aligns with the visible From domain
- From vs Reply-To mismatch
- Links and attachments:
  - Expand the real target domain (hover/copy link); don’t trust anchor text
  - Note risky attachments (e.g., .zip, .iso, .js, .vbs, .docm, password-protected archives)
If headers are not available, mark Technical verdict = Unknown and increase caution.
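The header checks listed above, as an added Python example (not part of the skill's own code). The sample message is constructed, the function names and the Pass/Fail labels are assumptions of this example, and alignment is approximated without the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): SPF and DKIM pass, but for a domain
# unrelated to the visible From, and Reply-To points somewhere else.
SAMPLE = (
    "Authentication-Results: mx.example.net;\n"
    " spf=pass smtp.mailfrom=bounce@mailer-example.com;\n"
    " dkim=pass header.d=mailer-example.com;\n"
    " dmarc=fail header.from=examp1e-bank.com\n"
    'From: "Example Bank Security" <alerts@examp1e-bank.com>\n'
    "Reply-To: help@freemail.example\nSubject: Unusual login detected\n\nPlease verify.\n"
)

def addr_domain(value):
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def field(ar, pattern):
    m = re.search(pattern, ar, re.I)
    return m.group(1).lower() if m else ""

def aligned(auth_dom, from_dom):
    # Approximation: exact match or subdomain of the From domain. Real relaxed
    # alignment compares organizational domains (needs the Public Suffix List).
    return bool(auth_dom) and (auth_dom == from_dom or auth_dom.endswith("." + from_dom))

def technical_verdict(raw):
    msg = message_from_string(raw)
    from_dom, reply_dom = addr_domain(msg["From"]), addr_domain(msg["Reply-To"])
    out = {"from_domain": from_dom,
           "reply_to_mismatch": bool(reply_dom) and reply_dom != from_dom}
    # Assumes the first Authentication-Results header is the one stamped by your
    # own receiving server; copies further down can be sender-supplied.
    ar = msg["Authentication-Results"]
    if not ar:
        return {**out, "verdict": "Unknown"}  # headers unavailable: increase caution
    ar = " ".join(ar.split())  # unfold continuation lines
    spf, dkim, dmarc = (field(ar, rf"\b{k}=(\w+)") or "none" for k in ("spf", "dkim", "dmarc"))
    spf_dom = field(ar, r"smtp\.mailfrom=([^\s;]+)").rpartition("@")[2]
    dkim_dom = field(ar, r"header\.d=([\w.-]+)")
    spf_ok = spf == "pass" and aligned(spf_dom, from_dom)
    dkim_ok = dkim == "pass" and aligned(dkim_dom, from_dom)
    out.update(spf=spf, dkim=dkim, dmarc=dmarc, spf_aligned=spf_ok, dkim_aligned=dkim_ok)
    # "Pass"/"Fail" are labels chosen for this example; the page names only "Unknown".
    authenticated = dmarc == "pass" or spf_ok or dkim_ok
    out["verdict"] = "Pass" if authenticated and dmarc != "fail" else "Fail"
    return out
```

A passing SPF or DKIM result alone is not enough here: the sample passes both, yet neither authenticates the domain shown in From, so the verdict is Fail and the Reply-To mismatch is reported separately.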
Paste this into your clawhub.json to enable this plugin.
{
  "plugins": {
    "official-shingo0620-email-importance-content-analysis": {
      "enabled": true,
      "auto_update": true
    }
  }
}