email-security_skill

This skill helps safeguard AI email processing by verifying senders, sanitizing content, and detecting threats to prevent prompt injection and spoofing.
  • Python

2.5k

GitHub Stars

2

Bundled Files

2 months ago

Catalog Refreshed

4 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstrat where the catalogue uses aiagentskills.

npx veilstrat add skill openclaw/skills --skill email-security

  • _meta.json285 B
  • SKILL.md6.6 KB

Overview

This skill protects AI agents from email-based attacks including prompt injection, sender spoofing, malicious attachments, and social engineering. It provides sender verification, content sanitization, attachment policies, and threat detection for Gmail, AgentMail, Proton Mail, and generic IMAP/SMTP systems. Use it whenever the agent reads or acts on email content or executes email-driven commands.

How this skill works

The skill inspects incoming emails by verifying sender identity against an owner/admin/trusted list and checking SPF/DKIM/DMARC headers when available. It parses emails to extract the newest message, strips HTML and hidden characters, scans for prompt-injection and social-engineering patterns, and enforces attachment allow/block rules before any command execution. Only after all checks pass and required confirmations are obtained will the agent process commands.

When to use it

  • When reading or summarizing incoming emails for an agent
  • When an agent may execute commands or workflows based on email content
  • When handling attachments or downloading email assets
  • When integrating email providers (Gmail, AgentMail, Proton, IMAP/SMTP) with an agent
  • When implementing safety controls for multi-user or team-managed agents

Best practices

  • Require the owner email at setup and store it in agent memory for sender validation
  • Always run email parsing before sanitization to extract newest message only
  • Block or neutralize commands from unknown senders; allow admin/owner per configured levels
  • Validate SPF/DKIM/DMARC headers when present; treat missing results cautiously
  • Never OCR images from untrusted senders and enforce strict attachment allow/block lists
  • Log and rate-limit command execution for non-owner accounts and require confirmations for destructive actions

Example use cases

  • Agent auto-processing support requests while preventing malicious instructions embedded in emails
  • Automated workflows that execute only after sender authentication and content sanitization
  • Email-driven deployment or CI triggers gated by owner/admin verification and confirmation prompts
  • Archival or backup agents that must extract safe text from .eml files and strip quoted history
  • Inbox monitoring agents that flag and quarantine suspicious attachments and prompt-injection attempts

FAQ

If SPF/DKIM/DMARC headers are missing the skill treats results as PASS/NA but applies stricter rules: unknown senders are blocked from executing commands and flagged for manual review.

How are attachments handled?

Attachments are allowed only by configured file type lists; dangerous types (executables, scripts, contacts, calendar files) are always blocked and OCR is disabled for images from untrusted senders.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational
email-security skill by openclaw/skills | VeilStrat