✓ Verified 💻 Development ✓ Enhanced Data

Email Webhook

Receive incoming emails via JSON webhooks and wake the agent.

Rating
4.1 (391 reviews)
Downloads
9,263 downloads
Version
1.0.0

Overview

Receive incoming emails via JSON webhooks and wake the agent.

Complete Documentation

View Source →

Email Webhook Receiver

This skill provides a secure endpoint to receive emails as standardized JSON webhooks and automatically wakes the agent.

🤖 Agent Setup (Post-Install)

After installing and starting this skill, add the following logic to your HEARTBEAT.md:

markdown
### 📧 Inbound Email Check
- Read `<path-to-inbox.jsonl>` (configured via INBOX_FILE or default: inbox.jsonl in cwd)
- Compare the latest `receivedAt` timestamp with your last-checked timestamp
- If there are NEW emails since last check:
  - Notify the user via their last active communication channel (Discord, WhatsApp, etc.)
  - Format: "📧 New email from [from]: [subject] — [text preview]"
  - Update your last-checked timestamp
- If no new emails: continue silently

💡 You don't need to know the user's channel in advance — use the most recently active channel from your session history. If you're unsure how to reach the user, ask them directly.

The skill fires openclaw system event on each incoming email to wake you immediately. Your HEARTBEAT.md logic will then run and handle the notification.

⚡️ Wake Mechanism

When an email is received, the server invokes openclaw system event --mode now. This ensures the agent is notified immediately and can process the incoming communication without waiting for the next heartbeat cycle.

🚨 Security & Privacy

Command Injection Protection

The server uses secure process spawning (child_process.spawn) with argument arrays instead of shell execution. User-controlled input (email headers) cannot be used to execute arbitrary system commands.

Path Traversal Protection

The INBOX_FILE parameter is sanitized using path.basename(), ensuring that files are only written within the server's working directory.

Authentication

A strong WEBHOOK_SECRET environment variable is REQUIRED for the server to start. All incoming requests must provide this secret in the Authorization: Bearer header.

Data Storage

  • Local Inbox: Incoming emails (raw body and metadata) are appended to a local inbox.jsonl file.
  • Cleanup: Users should periodically rotate or delete the inbox file to save disk space and protect privacy.

Environment Variables

VariableRequiredDefaultDescription
WEBHOOK_SECRETYesSecret token for webhook authentication.
OPENCLAW_AGENT_IDYesYour agent ID (e.g. skippy). Without this, incoming emails wake ALL agents on the server.
PORTNo2083Port to listen on. Configurable — set to match your OPENCLAW_WEBHOOK_URL.
INBOX_FILENoinbox.jsonlFilename for the activity feed.

Setup

  • Install dependencies:
bash
npm install [email protected]
  • Start Server:
bash
WEBHOOK_SECRET=your-strong-token node scripts/webhook_server.js

Cloudflare Setup

This server listens on port 2082. Cloudflare natively supports port 2082 as an HTTP origin port with Flexible SSL.

When configuring your Cloudflare Email Worker, set OPENCLAW_WEBHOOK_URL using http:// with the port explicitly:

text
https://webhook.yourdomain.com:2083/api/email

Port 2083 is a Cloudflare-supported port. Works with Flexible SSL — the server uses a self-signed certificate (auto-generated on first run) which Cloudflare accepts on this port.

⚠️ If you use a different port, set the PORT env var when starting the server.
⚠️ If you omit the port in the Worker URL, Cloudflare defaults to port 80 → 404.

DNS setup: create an A record for webhook.yourdomain.com pointing to your server IP with the orange cloud (proxy) enabled.

Runtime Requirements

Requires: express, node, openclaw CLI.

Installation

Terminal bash 

openclaw install email-webhook
Copied!

💻Code Examples

- If no new emails: continue silently

--if-no-new-emails-continue-silently.txt
> 💡 You don't need to know the user's channel in advance — use the most recently active channel from your session history. If you're unsure how to reach the user, ask them directly.

The skill fires `openclaw system event` on each incoming email to wake you immediately. Your HEARTBEAT.md logic will then run and handle the notification.

## ⚡️ Wake Mechanism

When an email is received, the server invokes `openclaw system event --mode now`. This ensures the agent is notified immediately and can process the incoming communication without waiting for the next heartbeat cycle.

## 🚨 Security & Privacy

### Command Injection Protection
The server uses secure process spawning (`child_process.spawn`) with argument arrays instead of shell execution. User-controlled input (email headers) cannot be used to execute arbitrary system commands.

### Path Traversal Protection
The `INBOX_FILE` parameter is sanitized using `path.basename()`, ensuring that files are only written within the server's working directory.

### Authentication
A strong `WEBHOOK_SECRET` environment variable is **REQUIRED** for the server to start. All incoming requests must provide this secret in the `Authorization: Bearer <secret>` header.

### Data Storage
- **Local Inbox**: Incoming emails (raw body and metadata) are appended to a local `inbox.jsonl` file.
- **Cleanup**: Users should periodically rotate or delete the inbox file to save disk space and protect privacy.

## Environment Variables

| Variable | Required | Default | Description |
|---|---|---|---|
| `WEBHOOK_SECRET` | **Yes** | — | Secret token for webhook authentication. |
| `OPENCLAW_AGENT_ID` | **Yes** | — | Your agent ID (e.g. `skippy`). Without this, incoming emails wake **ALL** agents on the server. |
| `PORT` | No | `2083` | Port to listen on. Configurable — set to match your `OPENCLAW_WEBHOOK_URL`. |
| `INBOX_FILE` | No | `inbox.jsonl` | Filename for the activity feed. |

## Setup

1. **Install dependencies**:
example.md
### 📧 Inbound Email Check
- Read `<path-to-inbox.jsonl>` (configured via INBOX_FILE or default: inbox.jsonl in cwd)
- Compare the latest `receivedAt` timestamp with your last-checked timestamp
- If there are NEW emails since last check:
  - Notify the user via their last active communication channel (Discord, WhatsApp, etc.)
  - Format: "📧 New email from [from]: [subject] — [text preview]"
  - Update your last-checked timestamp
- If no new emails: continue silently

Tags

#web_and-frontend-development #json #web

Quick Info

Category Development
Model Claude 3.5
Complexity Multi-Agent
Author lksrz
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
🧠

Ready to Install?

Get started with this skill in seconds

openclaw install email-webhook

Resources

📂
OpenClaw Skills
View on OpenClaw GitHub

Related Skills

✓ Verified 💻 Development

4claw

4claw — a moderated imageboard for AI agents.

🧠 Claude-Ready #ai_and-llms
)}
4.4 (118)
4,990
v1.0.0
✓ Verified 💻 Development

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

🧠 Claude-Ready #ai_and-llms
)}
4.3 (89)
4,621
v1.0.0
✓ Verified 💻 Development

Acestep Lyrics Transcription

Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.

GPT-Optimized #ai_and-llms #api #script
)}
3.8 (274)
17,648
v1.0.0
✓ Verified 💻 Development

Adaptive Suite

A continuously adaptive skill suite that empowers Clawdbot.

🧠 Claude-Ready #ai_and-llms #bot
)}
4.7 (88)
1,625
v1.0.0