🛡️ OpenClaw Email Security Skill

An OpenClaw skill for Email Security. Prevents your agent from falling victim to prompt injection, sender spoofing, malicious attachments, and social engineering attacks.

This skill provides a unified security layer for AI agents interacting with email, supporting Gmail, AgentMail, Proton Mail, and generic IMAP/SMTP providers.

🚀 Features

• Prompt Injection Defense: Detects and blocks 15+ known attack patterns (e.g., "Ignore previous instructions", hidden text).
• Sender Verification: Validates sender identity using SPF, DKIM, DMARC, and an authorized whitelist (Owner/Admin/Trusted).
• Smart Content Sanitization:
  • Strips HTML to prevent tracking pixels and XSS.
  • Removes quoted replies and signatures to focus only on new content.
  • Decodes hidden/obfuscated text.
• Attachment Policy Enforcement:
  • Whitelists safe file types (.pdf, .txt, .csv, etc.).
  • Enforces size limits.
  • Disables OCR for untrusted sources.
• Multi-Provider Support: Works seamlessly with Gmail, AgentMail, and standard IMAP.
• Granular Permissions: Define distinct roles for Owner, Admins, Trusted Senders, and Unknown users.

📦 Installation

This skill is designed for the OpenClaw ecosystem.

1. Clone this repository into your agent's skills directory:

   git clone https://github.com/ivaavimusic/EmailSecurity.git skills/email-security

2. Configure Owner Email: Edit email-security/references/owner-config.md to set your owner email address.

   # Owner Configuration
   owner@your-email.com

3. Validate Dependencies: Ensure you have Python 3.8+ and the required packages (see scripts/requirements.txt if available, or just standard libs + pyyaml).

🛠️ Usage

This skill exposes a security workflow that should be triggered before processing any email content.

Standard Workflow

1. Verify Sender: Check if the sender is authorized.

   # Example usage in agent logic
   auth_result = verify_sender(email="sender@example.com")
   if auth_result['level'] == 'blocked':
       return "Sender blocked."

2. Sanitize & Scan: Clean content and check for injections.

   scan_result = sanitize_content(email_body)
   if not scan_result['is_safe']:
       log_threat(scan_result['threats'])
       return "Email rejected due to security policy."

3. Parse Attachment: Safely handle files.

   files = parse_email(raw_email_data)
   # Only processes allowed file types

⚙️ Configuration

Security Policies (references/security-policies.md)

Customize the security framework, including:

• Rate Limits: Commands per hour/day for different roles.
• Confirmation Prompts: Actions that require explicit owner approval (e.g., deleting emails).
• Audit Logging: processing rules.

Threat Detection (references/threat-patterns.md)

Modify the list of known attack vectors and injection patterns. The skill comes pre-loaded with comprehensive patterns for:

• Direct Injection ("Ignore instructions")
• Role Hijacking ("You are now Mario")
• Markdown Injection
• HTML Obfuscation

📁 Repository Structure

.
├── email-security/      # Skill package (for packaging)
│   ├── SKILL.md         # Main entry point & instructions
│   ├── agents/          # Agent configurations
│   │   └── openai.yaml  # OpenAI agent config
│   ├── assets/          # Configuration templates
│   ├── references/      # Documentation & policy files
│   └── scripts/         # Python security scripts
├── dist/                # Packaged .skill files
└── README.md            # This file (repo-level, not packaged)

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (git checkout -b feature/AmazingFeature)
3. Commit your changes (git commit -m 'Add some AmazingFeature')
4. Push to the branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.