# Send Mailtap to your agent
Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.
## Fast path
- Download the package from Yavira.
- Extract it into a folder your agent can access.
- Paste one of the prompts below and point your agent at the extracted folder.
## Suggested prompts
### New install

```text
I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete.
```
### Upgrade existing

```text
I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run.
```
## Machine-readable fields
```json
{
  "schemaVersion": "1.0",
  "item": {
    "slug": "mailtap",
    "name": "Mailtap",
    "source": "tencent",
    "type": "skill",
    "category": "通讯协作",
    "sourceUrl": "https://clawhub.ai/zororaka00/mailtap",
    "canonicalUrl": "https://clawhub.ai/zororaka00/mailtap",
    "targetPlatform": "OpenClaw"
  },
  "install": {
    "downloadUrl": "/downloads/mailtap",
    "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=mailtap",
    "sourcePlatform": "tencent",
    "targetPlatform": "OpenClaw",
    "packageFormat": "ZIP package",
    "primaryDoc": "SKILL.md",
    "includedAssets": [
      "openapi.json",
      "SKILL.md"
    ],
    "downloadMode": "redirect",
    "sourceHealth": {
      "source": "tencent",
      "slug": "mailtap",
      "status": "healthy",
      "reason": "direct_download_ok",
      "recommendedAction": "download",
      "checkedAt": "2026-04-30T13:44:04.879Z",
      "expiresAt": "2026-05-07T13:44:04.879Z",
      "httpStatus": 200,
      "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=mailtap",
      "contentType": "application/zip",
      "probeMethod": "head",
      "details": {
        "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=mailtap",
        "contentDisposition": "attachment; filename=\"mailtap-1.0.4.zip\"",
        "redirectLocation": null,
        "bodySnippet": null,
        "slug": "mailtap"
      },
      "scope": "item",
      "summary": "Item download looks usable.",
      "detail": "Yavira can redirect you to the upstream package for this item.",
      "primaryActionLabel": "Download for OpenClaw",
      "primaryActionHref": "/downloads/mailtap"
    },
    "validation": {
      "installChecklist": [
        "Use the Yavira download entry.",
        "Review SKILL.md after the package is downloaded.",
        "Confirm the extracted package contains the expected setup assets."
      ],
      "postInstallChecks": [
        "Confirm the extracted package includes the expected docs or setup files.",
        "Validate the skill or prompts are available in your target agent workspace.",
        "Capture any manual follow-up steps the agent could not complete."
      ]
    }
  },
  "links": {
    "detailUrl": "https://openagent3.xyz/skills/mailtap",
    "downloadUrl": "https://openagent3.xyz/downloads/mailtap",
    "agentUrl": "https://openagent3.xyz/skills/mailtap/agent",
    "manifestUrl": "https://openagent3.xyz/skills/mailtap/agent.json",
    "briefUrl": "https://openagent3.xyz/skills/mailtap/agent.md"
  }
}
```
## Documentation

### MailTap - Temporary Email Service

Version: 1.0.4
Author: Web3 Hungry
Author Handle: @zororaka00
Author Profile: https://x.com/web3hungry
Homepage: https://www.mailtap.org
Category: Utilities → Automation → Privacy & Verification
Tags: temporary-email

### Overview

This skill provides seamless access to the MailTap Public API, a free temporary email service that generates disposable email addresses valid for 30 minutes.

No authentication or API key is required — all endpoints are public and use simple HTTP GET requests.

This skill does not store, proxy, or modify any email data. All operations communicate directly with the official MailTap public API.

Ideal for AI agents performing tasks such as:

Registering on websites/services without exposing real email addresses
Capturing verification codes, one-time links, or confirmation emails
Automating web3 airdrops, form submissions, or testing flows that require email verification
Privacy-focused workflows where email traceability must be avoided
Downloading email attachments when available

Base URL: https://api.mailtap.org

All responses are returned in JSON format.

### Core Capabilities

The skill exposes three primary endpoints:

Generate a new temporary email address
Retrieve details of an existing email address
Fetch all messages in the inbox (including attachments metadata)

Agents can chain operations autonomously (generate → wait → poll inbox → extract data → download attachments).

### Usage Guide for Agents

Agents should use standard HTTP tools (curl, fetch, requests, etc.) to interact with the API.

### 1. Generate New Temporary Email

curl "https://api.mailtap.org/public/generate"

Example response:

{
  "address": "abc123xyz@mailtap.com",
  "expires_at": "2026-02-15T04:30:00.000Z",
  "created_at": "2026-02-15T04:00:00.000Z"
}

### 2. Get Email Details

curl "https://api.mailtap.org/public/email/{address}"

### 3. Get Inbox Messages

curl "https://api.mailtap.org/public/inbox/{address}"

Example response with attachment:

{
  "messages": [
    {
      "id": 1,
      "from_address": "no-reply@example.com",
      "subject": "Your document",
      "body": "Please find the attached file.",
      "received_at": "2026-02-15T04:05:00.000Z",
      "attachments": [
        {
          "filename": "document.pdf",
          "mime_type": "application/pdf",
          "size": 102400,
          "r2_key": "attachments/abc123/document.pdf"
        }
      ]
    }
  ]
}

### 4. Download Attachments

Attachments are publicly downloadable via the S3-compatible URL:

https://s3.mailtap.org/{r2_key}

Example:

curl -O "https://s3.mailtap.org/attachments/abc123/document.pdf"

or

wget "https://s3.mailtap.org/attachments/abc123/document.pdf"

### Recommended Agent Workflow Patterns

Verification flow:

Generate email
Use for signup
Poll inbox
Extract verification code

Attachment flow:

Poll inbox
If attachments exist → download
Process files

Error handling:

If 404 → email expired → generate new address

### Example Prompts for Agents

"Generate a new temporary email using MailTap"
"Check inbox for abc123@mailtap.com and download attachments"
"Create temp email, wait up to 2 minutes, extract verification code"

### Python Helper Library (Enhanced)

import requests
import time
import os
from pathlib import Path
from typing import Optional, Dict, Any

BASE_URL = "https://api.mailtap.org"
ATTACHMENT_BASE = "https://s3.mailtap.org"

# Whitelisted attachment types for security
WHITELISTED_MIME_TYPES = {
    "application/pdf",
    "image/jpeg", "image/png", "image/gif",
    "text/plain", "text/csv", "text/html",
    "application/msword", "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
    "application/vnd.ms-excel", "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet"
}

MAX_FILE_SIZE_MB = 10  # Maximum 10MB for security


def generate_email() -> Dict[str, Any]:
    """Generates a new temporary email address."""
    response = requests.get(f"{BASE_URL}/public/generate")
    response.raise_for_status()
    return response.json()


def get_inbox(address: str) -> Dict[str, Any]:
    """Retrieves the inbox for a given address."""
    response = requests.get(f"{BASE_URL}/public/inbox/{address}")
    if response.status_code == 404:
        return {"error": "Email not found or expired"}
    response.raise_for_status()
    return response.json()


def wait_for_message(address: str, timeout: int = 120, interval: int = 10) -> Dict[str, Any]:
    """Polls the inbox until a message arrives or timeout is reached."""
    start_time = time.time()
    while time.time() - start_time < timeout:
        inbox = get_inbox(address)
        if "error" not in inbox and inbox.get("messages"):
            return inbox["messages"][-1]
        time.sleep(interval)
    return {"error": "Timeout"}


def is_safe_attachment(attachment: Dict[str, Any]) -> bool:
    """Validates attachment safety based on MIME type and size."""
    mime_type = attachment.get("mime_type", "")
    size_mb = attachment.get("size", 0) / (1024 * 1024)
    
    if mime_type not in WHITELISTED_MIME_TYPES:
        return False
    if size_mb > MAX_FILE_SIZE_MB:
        return False
    return True


def download_attachment(r2_key: str, save_path: Optional[str] = None) -> str:
    """Downloads an attachment from the mailtap S3 storage with security checks."""
    
    # Parse attachment info from r2_key
    parts = r2_key.split("/")
    if len(parts) < 2:
        raise ValueError("Invalid r2_key format")
    
    filename = parts[-1]
    if not filename or ".." in filename:
        raise ValueError("Invalid filename detected")
    
    url = f"{ATTACHMENT_BASE}/{r2_key}"
    
    # Get attachment metadata first
    response = requests.head(url, allow_redirects=True)
    response.raise_for_status()
    
    # Validate content type and size
    content_type = response.headers.get("content-type", "")
    content_length = response.headers.get("content-length")
    
    if content_type not in WHITELISTED_MIME_TYPES:
        raise ValueError(f"Unsafe MIME type: {content_type}")
    
    if content_length:
        size_mb = int(content_length) / (1024 * 1024)
        if size_mb > MAX_FILE_SIZE_MB:
            raise ValueError(f"File too large: {size_mb:.1f}MB (max {MAX_FILE_SIZE_MB}MB)")
    
    # Download the file
    response = requests.get(url, stream=True)
    response.raise_for_status()
    
    if save_path is None:
        save_path = filename
    
    # Ensure safe save path
    save_path = Path(save_path)
    save_path = save_path.resolve()
    
    # Create directory if needed
    save_path.parent.mkdir(parents=True, exist_ok=True)
    
    with open(save_path, "wb") as f:
        for chunk in response.iter_content(8192):
            f.write(chunk)
    
    return str(save_path)


def list_attachments(address: str) -> list:
    """Lists all attachments in inbox with security validation."""
    inbox = get_inbox(address)
    if "error" in inbox:
        return []
    
    safe_attachments = []
    for message in inbox.get("messages", []):
        for attachment in message.get("attachments", []):
            if is_safe_attachment(attachment):
                safe_attachments.append(attachment)
    
    return safe_attachments

### 1. Attachment Validation

MIME Type Whitelisting: Only allows common safe file types (PDF, images, text, office documents)
Size Limitation: Maximum 10MB per file to prevent large file attacks
Filename Sanitization: Prevents path traversal attacks by validating filenames

### 2. Safe Download Process

Metadata Validation: Checks content type and size before downloading
Sandboxed Download: Uses safe path resolution to prevent directory traversal
Streamed Download: Downloads in chunks to prevent memory exhaustion

### 3. Agent Safety Guidelines

Never auto-execute: Agents should never automatically execute downloaded files
Validate before use: Always validate file type and content before processing
Use in sandbox: For untrusted files, use in isolated environment

### Important Notes & Limitations

Emails expire automatically after 30 minutes.
Attachments are public.
No authentication required.
Rate limits are generous for normal usage.
Security-first approach: All downloads are validated for safety.
No automatic execution: Agents must manually validate and process files.
User responsibility: Users should still exercise caution with unknown attachments.

### Example Secure Workflow

# Secure attachment handling
address = "test123@mailtap.com"

# Get inbox and list safe attachments
attachments = list_attachments(address)

for attachment in attachments:
    try:
        # Download with validation
        file_path = download_attachment(attachment["r2_key"])
        print(f"Downloaded safe file: {file_path}")
        
        # Process file (in sandbox if possible)
        # process_file(file_path)
        
    except Exception as e:
        print(f"Failed to download {attachment['filename']}: {e}")

### Source & Verification

Official service: https://www.mailtap.org
API root: https://api.mailtap.org

This skill is a transparent wrapper around the public MailTap API with enhanced security measures.

### Disclaimer

Use responsibly and comply with MailTap terms of service. While security measures are implemented, users should still exercise caution when handling email attachments from unknown sources.

Created and maintained by Web3 Hungry.
Updated for security compliance.
## Trust
- Source: tencent
- Verification: Indexed source record
- Publisher: zororaka00
- Version: 1.0.4
## Source health
- Status: healthy
- Item download looks usable.
- Yavira can redirect you to the upstream package for this item.
- Health scope: item
- Reason: direct_download_ok
- Checked at: 2026-04-30T13:44:04.879Z
- Expires at: 2026-05-07T13:44:04.879Z
- Recommended action: Download for OpenClaw
## Links
- [Detail page](https://openagent3.xyz/skills/mailtap)
- [Send to Agent page](https://openagent3.xyz/skills/mailtap/agent)
- [JSON manifest](https://openagent3.xyz/skills/mailtap/agent.json)
- [Markdown brief](https://openagent3.xyz/skills/mailtap/agent.md)
- [Download page](https://openagent3.xyz/downloads/mailtap)