agentcloak-email-proxy_skill

This skill securely proxies email access for AI agents by filtering, redacting, and drafting content without exposing credentials or raw inbox data.
  • Python

2.5k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill agentcloak-email-proxy

  • _meta.json343 B
  • SKILL.md6.7 KB

Overview

This skill provides a secure email proxy for AI agents, letting them search, read, list, and draft emails without ever seeing raw credentials or unfiltered content. It enforces server-side credential isolation, PII redaction, HTML sanitization, blocklists, and prompt-injection detection. You can self-host or use the hosted beta depending on your trust and control needs.

How this skill works

AgentCloak sits between the agent and your mailbox and exposes a restricted API. Incoming email is processed by a four-stage pipeline: blocklist filtering, HTML sanitization, PII redaction, and prompt-injection detection. Credentials and OAuth tokens remain server-side; the agent only uses an API key. Drafts are created but never sent automatically, so a human review step is required before outbound messages go out.

When to use it

  • Give an AI agent controlled read access to an inbox without exposing credentials
  • Prevent leak of SSNs, credit cards, API keys, or other PII to an agent
  • Reduce risk from malicious or cleverly formatted emails (prompt injection)
  • Provide a sandboxed email workspace for research or automation workflows
  • Self-host when you require full on-premise control over email data

Best practices

  • Self-host if you cannot trust a third-party hosted service with your email credentials
  • Create least-privilege API keys and rotate them periodically
  • Enable and customize blocklists for financial and security senders to reduce false positives
  • Review drafts manually before sending; never rely on automatic send by agents
  • Test query translations (Gmail-style syntax) when using IMAP providers to ensure expected search results

Example use cases

  • Automated inbox summarization for customer support agents while hiding customer PII
  • Research agent that searches and extracts non-sensitive signals from newsletters and threads
  • Draft reply generation for busy users where the human reviews and approves the reply
  • Auditing or archiving workflows that need read-only access to mailboxes
  • Secure testing of agent behaviors against adversarial or malformed emails

FAQ

No. Credentials stay on the server or your self-hosted instance; agents only use an API key hashed on the server.

Can the agent send or delete emails?

No. The API supports read, search, list, and create_draft only. Drafts must be reviewed and sent manually.

What happens when a prompt-injection pattern is detected?

Detected content is prefixed with a clear warning so the agent or operator can make an informed decision; it is not automatically blocked.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational