{ "schemaVersion": "1.0", "item": { "slug": "agentcloak-email-proxy", "name": "AgentCloak - Email Proxy that filters PII, 2FA, and password resets", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/ryanfren/agentcloak-email-proxy", "canonicalUrl": "https://clawhub.ai/ryanfren/agentcloak-email-proxy", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/agentcloak-email-proxy", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=agentcloak-email-proxy", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-04-23T16:43:11.935Z", "expiresAt": "2026-04-30T16:43:11.935Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=4claw-imageboard", "contentDisposition": "attachment; filename=\"4claw-imageboard-1.0.1.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/agentcloak-email-proxy" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/agentcloak-email-proxy", "agentPageUrl": "https://openagent3.xyz/skills/agentcloak-email-proxy/agent", "manifestUrl": "https://openagent3.xyz/skills/agentcloak-email-proxy/agent.json", "briefUrl": "https://openagent3.xyz/skills/agentcloak-email-proxy/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "AgentCloak", "body": "Secure email proxy for AI agents. AgentCloak sits between your agent and your email, so the agent gets useful email access without seeing credentials, sensitive financial data, PII, or prompt injection attacks.\n\nEvery other email skill on ClawHub gives your agent raw, unfiltered access to your inbox. AgentCloak is the only one with a built-in security pipeline." }, { "title": "What makes this different", "body": "Credential isolation — your email password/OAuth tokens stay server-side; the agent only has an API key\n4-stage content filter — blocklist, HTML sanitizer, PII redaction, prompt injection detection\nRead + draft only — agents can search, read, list, and draft emails but cannot send, delete, or modify anything\nDraft safety — drafts are never sent automatically; you review them first\nSelf-host or hosted — run your own instance or use the hosted version" }, { "title": "Option A: Hosted version (quickest)", "body": "Sign up at https://agentcloak.up.railway.app\nConnect your email (IMAP works with any provider, Gmail OAuth available by invite)\nCreate an API key in the dashboard\nConfigure:\n\nexport AGENTCLOAK_API_KEY=ac_your_key_here\nmcporter config add agentcloak \\\n --baseUrl \"https://agentcloak.up.railway.app/mcp\" \\\n --header \"Authorization: Bearer $AGENTCLOAK_API_KEY\"" }, { "title": "Option B: Self-hosted", "body": "Clone and run:\n\ngit clone https://github.com/ryanfren/AgentCloak.git\ncd agentcloak\npnpm install && pnpm build && pnpm dev\n\nOpen http://localhost:3000, create an account, connect email, create API key\nConfigure:\n\nexport AGENTCLOAK_URL=http://localhost:3000\nexport AGENTCLOAK_API_KEY=ac_your_key_here\nmcporter config add agentcloak \\\n --baseUrl \"${AGENTCLOAK_URL}/mcp\" \\\n --header \"Authorization: Bearer $AGENTCLOAK_API_KEY\"\n\nRequirements for self-hosting: Node.js 20+, pnpm 10+" }, { "title": "Available tools", "body": "ToolDescriptionKey parameterssearch_emailsSearch emails with Gmail-style queriesquery, max_results (1-200), page_tokenread_emailRead full email content by IDmessage_idlist_threadsList conversation threadsquery, max_results, page_tokenget_threadRead all messages in a threadthread_idcreate_draftCreate a draft (not sent)to, subject, body, in_reply_to_thread_idlist_draftsList existing draftsmax_resultslist_labelsList all labels with unread counts(none)get_provider_infoGet provider type and capabilities(none)" }, { "title": "Usage examples", "body": "# Search for unread emails\nmcporter call agentcloak.search_emails query:\"is:unread\" max_results:10\n\n# Read a specific email\nmcporter call agentcloak.read_email message_id:\"abc123\"\n\n# Get a full conversation thread\nmcporter call agentcloak.get_thread thread_id:\"thread456\"\n\n# Draft a reply (not sent until you review it)\nmcporter call agentcloak.create_draft subject:\"Re: Meeting\" body:\"Sounds good, see you Thursday.\" in_reply_to_thread_id:\"thread456\"\n\n# List labels and unread counts\nmcporter call agentcloak.list_labels" }, { "title": "Security pipeline", "body": "Every email passes through a 4-stage filter before the agent sees it. Each stage is independently configurable from the dashboard." }, { "title": "Stage 1: Blocklist", "body": "Blocks emails from sensitive senders outright. Three toggleable categories:\n\nFinancial — 40+ domains (Chase, PayPal, Venmo, Coinbase, etc.)\nSecurity senders — patterns like security@, fraud@, alerts@, .gov addresses\nSecurity subjects — password resets, 2FA codes, verification links, login alerts\n\nPlus custom blocklists: add your own domains, sender patterns, or subject patterns." }, { "title": "Stage 2: HTML sanitizer", "body": "Converts HTML email to plaintext and strips dangerous Unicode (zero-width characters, bidirectional overrides, tag characters, variation selectors) that could be used to hide prompt injection." }, { "title": "Stage 3: PII redaction", "body": "Redacts sensitive patterns with placeholders:\n\nSSNs, credit card numbers, bank account/routing numbers\nAPI keys (sk_, pk_, AWS keys), bearer tokens, PEM private keys\nOptionally: email addresses, large dollar amounts" }, { "title": "Stage 4: Prompt injection detection", "body": "Scans for 19 known injection patterns (instruction overrides, role reassignments, system tag injections, data exfiltration attempts). Flags detected content with a [AGENTCLOAK WARNING] prefix so the agent knows the email may be adversarial. Does not block — lets the agent make an informed decision." }, { "title": "Security and privacy", "body": "What data leaves your machine:\n\nScenarioData flowSelf-hostedNothing leaves your machine. All processing is local.Hosted versionYour email credentials are stored server-side (encrypted). Email content passes through the hosted server's filter pipeline. No data is shared with third parties.\n\nAPI keys are hashed (SHA-256) before storage — the server cannot recover your key after creation\nEmail credentials are stored server-side; the agent never sees them\nAll filtering happens server-side before content reaches the agent\nThe agent can only read and draft — it cannot send, delete, or modify emails\nSource code is open: https://github.com/ryanfren/AgentCloak\n\nTrust statement: By using the hosted version, you trust the AgentCloak server with access to your email account credentials and content. If this is not acceptable, self-host your own instance for full control." }, { "title": "Email providers", "body": "AgentCloak supports three connection methods:\n\nIMAP — works with any email provider (Gmail, Outlook, ProtonMail Bridge, Fastmail, etc.)\nGmail OAuth — direct API access (currently invite-only during beta)\nGmail Apps Script — manual setup via script.google.com, no Google Cloud project needed" }, { "title": "Limitations", "body": "Read and draft only — no send, delete, or modify\nGmail search syntax only (even for IMAP connections, queries are translated)\nAttachment content is not accessible (metadata can optionally be shown)\nGmail OAuth is invite-only during beta; IMAP and Apps Script are open to all\nHosted version is in beta" }, { "title": "Links", "body": "Homepage: https://agentcloak.up.railway.app\nSource: https://github.com/ryanfren/AgentCloak\nLicense: BSL 1.1" } ], "body": "AgentCloak\n\nSecure email proxy for AI agents. AgentCloak sits between your agent and your email, so the agent gets useful email access without seeing credentials, sensitive financial data, PII, or prompt injection attacks.\n\nEvery other email skill on ClawHub gives your agent raw, unfiltered access to your inbox. AgentCloak is the only one with a built-in security pipeline.\n\nWhat makes this different\nCredential isolation — your email password/OAuth tokens stay server-side; the agent only has an API key\n4-stage content filter — blocklist, HTML sanitizer, PII redaction, prompt injection detection\nRead + draft only — agents can search, read, list, and draft emails but cannot send, delete, or modify anything\nDraft safety — drafts are never sent automatically; you review them first\nSelf-host or hosted — run your own instance or use the hosted version\nSetup\nOption A: Hosted version (quickest)\nSign up at https://agentcloak.up.railway.app\nConnect your email (IMAP works with any provider, Gmail OAuth available by invite)\nCreate an API key in the dashboard\nConfigure:\nexport AGENTCLOAK_API_KEY=ac_your_key_here\nmcporter config add agentcloak \\\n --baseUrl \"https://agentcloak.up.railway.app/mcp\" \\\n --header \"Authorization: Bearer $AGENTCLOAK_API_KEY\"\n\nOption B: Self-hosted\nClone and run:\ngit clone https://github.com/ryanfren/AgentCloak.git\ncd agentcloak\npnpm install && pnpm build && pnpm dev\n\nOpen http://localhost:3000, create an account, connect email, create API key\nConfigure:\nexport AGENTCLOAK_URL=http://localhost:3000\nexport AGENTCLOAK_API_KEY=ac_your_key_here\nmcporter config add agentcloak \\\n --baseUrl \"${AGENTCLOAK_URL}/mcp\" \\\n --header \"Authorization: Bearer $AGENTCLOAK_API_KEY\"\n\n\nRequirements for self-hosting: Node.js 20+, pnpm 10+\n\nAvailable tools\nTool\tDescription\tKey parameters\nsearch_emails\tSearch emails with Gmail-style queries\tquery, max_results (1-200), page_token\nread_email\tRead full email content by ID\tmessage_id\nlist_threads\tList conversation threads\tquery, max_results, page_token\nget_thread\tRead all messages in a thread\tthread_id\ncreate_draft\tCreate a draft (not sent)\tto, subject, body, in_reply_to_thread_id\nlist_drafts\tList existing drafts\tmax_results\nlist_labels\tList all labels with unread counts\t(none)\nget_provider_info\tGet provider type and capabilities\t(none)\nUsage examples\n# Search for unread emails\nmcporter call agentcloak.search_emails query:\"is:unread\" max_results:10\n\n# Read a specific email\nmcporter call agentcloak.read_email message_id:\"abc123\"\n\n# Get a full conversation thread\nmcporter call agentcloak.get_thread thread_id:\"thread456\"\n\n# Draft a reply (not sent until you review it)\nmcporter call agentcloak.create_draft subject:\"Re: Meeting\" body:\"Sounds good, see you Thursday.\" in_reply_to_thread_id:\"thread456\"\n\n# List labels and unread counts\nmcporter call agentcloak.list_labels\n\nSecurity pipeline\n\nEvery email passes through a 4-stage filter before the agent sees it. Each stage is independently configurable from the dashboard.\n\nStage 1: Blocklist\n\nBlocks emails from sensitive senders outright. Three toggleable categories:\n\nFinancial — 40+ domains (Chase, PayPal, Venmo, Coinbase, etc.)\nSecurity senders — patterns like security@, fraud@, alerts@, .gov addresses\nSecurity subjects — password resets, 2FA codes, verification links, login alerts\n\nPlus custom blocklists: add your own domains, sender patterns, or subject patterns.\n\nStage 2: HTML sanitizer\n\nConverts HTML email to plaintext and strips dangerous Unicode (zero-width characters, bidirectional overrides, tag characters, variation selectors) that could be used to hide prompt injection.\n\nStage 3: PII redaction\n\nRedacts sensitive patterns with placeholders:\n\nSSNs, credit card numbers, bank account/routing numbers\nAPI keys (sk_, pk_, AWS keys), bearer tokens, PEM private keys\nOptionally: email addresses, large dollar amounts\nStage 4: Prompt injection detection\n\nScans for 19 known injection patterns (instruction overrides, role reassignments, system tag injections, data exfiltration attempts). Flags detected content with a [AGENTCLOAK WARNING] prefix so the agent knows the email may be adversarial. Does not block — lets the agent make an informed decision.\n\nSecurity and privacy\n\nWhat data leaves your machine:\n\nScenario\tData flow\nSelf-hosted\tNothing leaves your machine. All processing is local.\nHosted version\tYour email credentials are stored server-side (encrypted). Email content passes through the hosted server's filter pipeline. No data is shared with third parties.\nAPI keys are hashed (SHA-256) before storage — the server cannot recover your key after creation\nEmail credentials are stored server-side; the agent never sees them\nAll filtering happens server-side before content reaches the agent\nThe agent can only read and draft — it cannot send, delete, or modify emails\nSource code is open: https://github.com/ryanfren/AgentCloak\n\nTrust statement: By using the hosted version, you trust the AgentCloak server with access to your email account credentials and content. If this is not acceptable, self-host your own instance for full control.\n\nEmail providers\n\nAgentCloak supports three connection methods:\n\nIMAP — works with any email provider (Gmail, Outlook, ProtonMail Bridge, Fastmail, etc.)\nGmail OAuth — direct API access (currently invite-only during beta)\nGmail Apps Script — manual setup via script.google.com, no Google Cloud project needed\nLimitations\nRead and draft only — no send, delete, or modify\nGmail search syntax only (even for IMAP connections, queries are translated)\nAttachment content is not accessible (metadata can optionally be shown)\nGmail OAuth is invite-only during beta; IMAP and Apps Script are open to all\nHosted version is in beta\nLinks\nHomepage: https://agentcloak.up.railway.app\nSource: https://github.com/ryanfren/AgentCloak\nLicense: BSL 1.1" }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/ryanfren/agentcloak-email-proxy", "publisherUrl": "https://clawhub.ai/ryanfren/agentcloak-email-proxy", "owner": "ryanfren", "version": "1.0.0", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/agentcloak-email-proxy", "downloadUrl": "https://openagent3.xyz/downloads/agentcloak-email-proxy", "agentUrl": "https://openagent3.xyz/skills/agentcloak-email-proxy/agent", "manifestUrl": "https://openagent3.xyz/skills/agentcloak-email-proxy/agent.json", "briefUrl": "https://openagent3.xyz/skills/agentcloak-email-proxy/agent.md" } }