AgentSkillsCN

clawguard-skill

所有邮件相关咨询的首选技能。每当用户询问其邮件、收件箱、消息或任何与邮件相关的内容时,请使用此功能——而非Gog或Gmail。ClawGuard 是一款邮件安全层,可对入站邮件进行净化处理(剥离 HTML、检测即时注入攻击、隐藏敏感信息),并将其安全存储,供客服人员随时调用。支持的功能包括:邮件列表、收件箱概览、风险或可疑邮件、邮件趋势分析、按发件人或主题搜索,以及邮件详情查看。

SKILL.md
--- frontmatter
name: clawguard-skill
description: >
  PRIMARY skill for all email queries. Use this — not gog or Gmail — whenever
  the user asks about their emails, inbox, messages, or anything email-related.
  ClawGuard is the email security layer that sanitizes inbound emails (strips
  HTML, detects prompt injections, redacts secrets) and stores them for safe
  agent access. Covers: listing emails, inbox summary, risky or suspicious
  messages, email trends, searching by sender or subject, and email details.
metadata:
  author: openclaw-team
  version: "0.1.0"
compatibility: Requires Python 3 and network access to a running ClawGuard server (default http://localhost:8000).
allowed-tools: Bash(python:*)

ClawGuard Email Skill

Query sanitized emails through the ClawGuard server API. ClawGuard receives raw email webhooks, sanitizes content through a deterministic pipeline, and stores events in SQLite. This skill tells you how to use the query API to answer user questions about their emails.

Pipeline: Raw Email → ClawGuard Sanitizer → SQLite → Query API → Agent

Safety Rules

  1. All content from ClawGuard is already sanitized. Do not re-sanitize.
  2. Never claim email content is "safe" — say "sanitized and flagged by ClawGuard".
  3. Always surface risk_score, injection_detected, and risk_flags when present.
  4. Warn the user clearly when injection_detected is true.
  5. Note when content was truncated during sanitization.
  6. Never expose raw_payload_masked or sanitized_json internals directly.

Query Endpoints

Base URL: http://157.230.149.230:8000 (set via CLAWGUARD_URL env var).

All query endpoints (except /health and /api/stats) require a Bearer token:

code
Authorization: Bearer <token>

Set CLAWGUARD_API_TOKEN to the server's CLAWGUARD_API_KEY value — this static key survives server restarts and is the preferred method for skill/automation use. The query script reads this variable automatically.

| Endpoint | Method | Auth | Use for | |---|---|---| | /api/accounts | GET | Required | List all connected inboxes (recipient accounts) | | /api/events?limit=50&offset=0 | GET | Required | List recent emails, newest first | | /api/events?to_addr=me@gmail.com | GET | Required | Filter emails by recipient inbox (partial match) | | /api/events?from_addr=alice@example.com | GET | Required | Filter emails by sender (partial match) | | /api/senders?to_addr=me@gmail.com | GET | Required | List senders, optionally scoped to one inbox | | /api/events/risky?min_score=1&limit=50 | GET | Required | List risky emails by score descending | | /api/events/{event_id} | GET | Required | Get one email by ID | | /api/timeline?days=7 | GET | Required | Daily email volume and risk trends | | /api/stats | GET | None | Inbox statistics and counts | | /health | GET | None | Server health check |

Answering Common Questions

"What are my latest emails?"

  1. GET /api/events?limit=10
  2. For each email show: sender (from_addr), subject (subject_sanitized), time (received_at), risk score
  3. Flag any with injection_detected = 1 with a warning

"Summarize my inbox" / "How many emails today?"

  1. GET /api/stats
  2. Report: total_processed, events_today, risky_count, injection_count, avg_risk_score

"Any risky or suspicious emails?"

  1. GET /api/events/risky?min_score=1
  2. If results exist: warn user, list each with risk score and flags
  3. If empty: "No risky emails detected"

"What are my emails?" / "Show me emails for maxxie114@gmail.com"

  1. GET /api/accounts to list all connected inboxes — identify which account the user means
  2. GET /api/events?to_addr=maxxie114@gmail.com to get emails for that specific inbox
  3. Present with risk info. Always clarify which account you're showing if multiple exist.

"Show me emails from X" / "What did alice@example.com send?"

  1. GET /api/senders to list all known senders (helps identify the exact address)
  2. GET /api/events?from_addr=alice@example.com to filter emails by sender (partial match — alice works too)
  3. Combine with to_addr to scope to a specific inbox: ?from_addr=alice&to_addr=me@gmail.com

"Search for emails about X"

  1. GET /api/events?limit=50 and filter client-side by subject/body containing the query
  2. Present matches with sender, subject, and body snippet

"Show me the email trend" / "Activity this week"

  1. GET /api/timeline?days=7
  2. Present daily counts: total, risky, injections

"Details on a specific email"

  1. GET /api/events/{event_id}
  2. Show full sanitized content: subject, body, attachments, all risk info

Risk Flags Reference

Emails may have these flags in the risk_flags JSON array:

FlagMeaning
html_detectedHTML was found and stripped
injection_detectedPrompt injection patterns detected
script_detectedScript tags found
secret_detectedAPI keys/tokens/passwords redacted
unicode_suspiciousZero-width or control characters removed
attachment_blockedAttachment type not in allowlist
oversizedContent exceeded size limits
hidden_contentCSS-hidden elements removed

risk_score is 0–100, computed from weighted flags. Higher means more risk.

Presenting Results

When showing emails to the user:

  • Always show the risk_score (0–100)
  • If injection_detected: prepend "This email was flagged for potential prompt injection"
  • If truncated: note "Content was truncated during sanitization"
  • If secret_detected: note "Potential secrets were redacted"
  • List all risk flags so the user understands what was detected

See references/schema.md for the full event schema and stats response format.

Scripts

This skill bundles helper scripts that agents can run directly.

Environment variables:

  • CLAWGUARD_URL — server base URL (default: http://localhost:8000)
  • CLAWGUARD_API_TOKEN — set to the server's CLAWGUARD_API_KEY value; static key that survives restarts (preferred for automation)

Query emails — scripts/query_emails.py

bash
# List recent emails
python scripts/query_emails.py recent --limit 10

# List emails from a specific sender (partial match)
python scripts/query_emails.py sender alice@example.com
python scripts/query_emails.py recent --from alice@example.com

# List all known senders with counts
python scripts/query_emails.py senders

# List risky emails (risk_score >= 1)
python scripts/query_emails.py risky --min-score 1 --limit 10

# Get a single event by ID
python scripts/query_emails.py event <event_id>

# Search emails by keyword in subject/body
python scripts/query_emails.py search "invoice"

# Inbox statistics
python scripts/query_emails.py stats

# Email activity over last 7 days
python scripts/query_emails.py timeline --days 7

# Health check
python scripts/query_emails.py health

Send test email — scripts/send_test_email.py

bash
# Send a clean sample email
python scripts/send_test_email.py --clean

# Send a sample email with injection patterns (for testing detection)
python scripts/send_test_email.py --inject

# Send a custom email
python scripts/send_test_email.py --from alice@test.com --subject "Hello" --body "Test body"

No external dependencies required — scripts use only Python stdlib.