On this page

How to Set Up the OpenClaw Email Skill (Gmail, IMAP, SMTP)

Email is the canonical AI agent use case — and the most dangerous one to get wrong. An AI that reads your email and drafts replies is useful. An AI that autonomously sends email on your behalf can cause real damage: sending premature responses, triggering unsubscribes, or delivering confidential information to the wrong thread.

This guide covers all three auth flavors for the OpenClaw email skill, enforces the draft-only safety pattern as the starting point, and walks through a triage recipe that auto-labels and writes drafts but never sends without your explicit action.

Three Auth Flavors

Gmail with OAuth 2.0 (Recommended for Gmail Users)

OAuth is the correct approach for Gmail. It grants scoped access without exposing your password, and you can revoke it at any time from your Google Account settings.

Setup:

  1. Go to console.cloud.google.com
  2. Create a new project (or use an existing one)
  3. Enable the Gmail API under APIs & Services → Library
  4. Go to APIs & Services → Credentials → Create Credentials → OAuth 2.0 Client ID
  5. Application type: Desktop app
  6. Download the credentials JSON file

Scopes to request:

https://www.googleapis.com/auth/gmail.readonly      # Read emails
https://www.googleapis.com/auth/gmail.modify         # Add labels, mark read
https://www.googleapis.com/auth/gmail.compose        # Create drafts

Do not request gmail.send scope unless you intend to enable auto-send. Requesting only gmail.compose means OpenClaw can create drafts but cannot send — a useful architectural constraint.

Run the OAuth flow:

@openclaw setup gmail oauth

OpenClaw opens a browser window for Google authorization. After you approve, it stores the refresh token securely. Access tokens are generated automatically from the refresh token — you don’t manage them manually.

gmail:
  credentials_file: "~/.openclaw/gmail-credentials.json"
  token_file: "~/.openclaw/gmail-token.json"
  scopes:
    - "https://www.googleapis.com/auth/gmail.readonly"
    - "https://www.googleapis.com/auth/gmail.modify"
    - "https://www.googleapis.com/auth/gmail.compose"

IMAP + SMTP (For Non-Gmail or Self-Hosted Email)

IMAP reads email; SMTP sends it. Together they cover the full email workflow for any provider that supports standard protocols: Outlook, FastMail, ProtonMail (with Bridge), Zoho, custom domains hosted anywhere.

email:
  imap:
    host: "imap.yourprovider.com"
    port: 993
    ssl: true
    username: "[email protected]"
    password: "${EMAIL_PASSWORD}"  # Use env var, never hardcode
  smtp:
    host: "smtp.yourprovider.com"
    port: 587
    tls: true
    username: "[email protected]"
    password: "${EMAIL_PASSWORD}"

Common provider settings:

ProviderIMAP HostIMAP PortSMTP HostSMTP Port
Gmailimap.gmail.com993smtp.gmail.com587
Outlookoutlook.office365.com993smtp.office365.com587
FastMailimap.fastmail.com993smtp.fastmail.com587
Zohoimap.zoho.com993smtp.zoho.com587

Gmail-specific note: If you use Gmail via IMAP/SMTP instead of OAuth, you need to enable “Less secure app access” or generate an App Password if 2FA is on. The OAuth approach above is cleaner — IMAP/SMTP with Gmail is a fallback for specific setups.

Gmail via Google Workspace Service Account (Team/Enterprise)

If you’re managing email for a Google Workspace organization and want OpenClaw to access multiple accounts, service accounts with domain-wide delegation allow this without per-user OAuth flows.

This is an enterprise pattern. For personal use, stick with OAuth 2.0.

gmail_workspace:
  service_account_file: "~/.openclaw/service-account.json"
  delegate_to: "[email protected]"
  scopes:
    - "https://www.googleapis.com/auth/gmail.readonly"
    - "https://www.googleapis.com/auth/gmail.compose"

Service accounts require a Google Workspace admin to enable domain-wide delegation — not available on personal Gmail accounts.

Draft-Only Safety Pattern: Why It’s the Default

Before configuring what OpenClaw does with email, understand why draft-only is the correct starting point.

What can go wrong with auto-send:

  • Replying to a phishing email thinking it’s legitimate
  • Sending an internal thread context to an external party in a forwarded reply
  • Responding to a newsletter with a personal message because the AI misidentified it
  • Confirming a meeting you haven’t actually checked your calendar for
  • Sending a draft you marked “needs more thought” to the wrong thread

None of these are hypothetical. They happen. Draft-only mode prevents all of them.

The draft-only guarantee: In draft-only mode, OpenClaw never calls any send endpoint. It can create drafts (saved in your Drafts folder), add labels, mark emails read/unread, and archive — but no email leaves your outbox without you clicking Send.

email_skill:
  mode: draft-only  # draft-only | supervised | auto-send
  # Start here. Always.

Supervised mode (the intermediate step): OpenClaw drafts replies and flags them for your approval. You review a daily queue of pending sends and approve or discard each. Good for high-volume, repetitive email like scheduling requests or standard customer responses.

Auto-send mode (advanced, use sparingly): Only for specific, well-defined email types with clear rules. Example: auto-confirming receipt of support tickets with a template response. Never for substantive replies.

Triage Recipe: Label, Draft, Never Send

This is the highest-value use of the email skill. It handles the tedious work — reading, categorizing, writing draft responses — while keeping you in control of everything that leaves your inbox.

Setup

Configure your label taxonomy first. These are the labels OpenClaw will apply:

email_labels:
  - name: "ai/needs-reply"
    color: red
    description: "Requires a response"
  - name: "ai/fyi-only"
    color: blue
    description: "No action needed, just awareness"
  - name: "ai/waiting-on-them"
    color: yellow
    description: "Ball in their court"
  - name: "ai/draft-ready"
    color: green
    description: "Draft reply created, needs review"
  - name: "ai/newsletter"
    color: gray
    description: "Marketing/newsletter, low priority"

Create these in Gmail under Settings → Labels, or let OpenClaw create them:

@openclaw create my email triage labels

The Triage Workflow

@openclaw triage my inbox — label everything from the last 24 hours

For each email in the past 24 hours, OpenClaw:

  1. Reads sender, subject, body, and thread history
  2. Classifies the email:
    • Is a reply required? (Needs-Reply)
    • Is it informational? (FYI-Only)
    • Is it a newsletter or marketing? (Newsletter)
    • Is it something you’re waiting on a response for? (Waiting-On-Them)
  3. Labels accordingly
  4. For Needs-Reply emails: Drafts a reply and saves it to Drafts folder, then applies the ai/draft-ready label
  5. Summarizes what it did

Triage summary output:

? Inbox Triage — May 19, 2026

Processed 23 emails:
• 4 → Needs Reply (drafts created)
• 11 → FYI Only (labeled, marked read)
• 6 → Newsletter (labeled)
• 2 → Waiting On Them (labeled)

Drafts ready for review:
1. Re: Project proposal from Sarah Chen — draft in Drafts folder
2. Re: Invoice #4421 query — draft in Drafts folder  
3. Re: Meeting reschedule request — draft in Drafts folder
4. Re: Partnership inquiry — draft in Drafts folder

Review drafts, edit as needed, then send. Nothing has been sent.

Reviewing Drafts

@openclaw show me the drafts you created today
Draft 1/4: Re: Project proposal from Sarah Chen
To: [email protected]
Subject: Re: Project proposal

Hi Sarah,

Thanks for sending this over. I've had a chance to review the proposal 
and have a few questions before we move forward:

1. What's the expected timeline for the discovery phase?
2. Is the budget estimate inclusive of all third-party tools?
3. Who would be the primary point of contact on your team?

Happy to jump on a call this week if that's easier. Let me know 
what works for you.

Best,
[Your name]

[SEND] [EDIT] [DISCARD]

You send directly from your email client (Gmail, Outlook, etc.) or approve from the OpenClaw interface if you’re using PaioClaw’s web UI.

Auto-Triage on Schedule

@openclaw triage my inbox every morning at 8am

OpenClaw sets a daily job. Each morning at 8am, your inbox is labeled and drafts are waiting in your Drafts folder before you open your email.

Smart Reply Drafting

The quality of drafted replies depends on context. Give OpenClaw more context for better drafts:

@openclaw when drafting replies, here's context about me:
- I'm a freelance product consultant
- Standard project rate is $150/hour
- I prefer async communication over calls when possible
- I'm usually available Mon-Thu for new project discussions

OpenClaw stores this in your preferences and uses it when drafting. The partnership inquiry draft will mention your rate. The meeting request draft will suggest Tuesday or Wednesday.

Thread Summarization

For long email threads you’ve been CC’d on:

@openclaw summarize the thread "Re: Q3 Product Roadmap" and tell me if I need to do anything
Thread Summary: Q3 Product Roadmap (14 emails, May 10-19)

The team debated scope for Q3. Main discussion: whether to prioritize 
the mobile redesign or the API performance improvements.

Decision reached on May 17: API performance takes priority. Mobile 
redesign pushed to Q4.

Your involvement: You were CC'd but haven't responded. Marcus asked 
on May 15 if you had bandwidth to consult on the API work — that 
question appears unanswered.

Suggested action: Reply to Marcus's May 15 email about API consulting.

Priority Inbox Pattern

@openclaw when I open my email, tell me the 3 things I actually need to deal with today
Morning Email Priority — May 19, 2026

1. ? REPLY NEEDED: Invoice dispute from Client Corp — 3 days old, needs response
2. ? DECISION: Team async vote closing today at 5pm — you haven't voted
3. ? FYI: Your domain renewal is in 7 days — action optional but noted

Everything else can wait. 18 other emails labeled and triaged.

Handling Sensitive Email

OpenClaw reads all email it has access to. For sensitive email (legal, HR, confidential communications), you should either:

  1. Exclude specific labels or senders from OpenClaw’s triage:

    email_skill:
      exclude_labels: ["Legal", "Confidential", "HR"]
      exclude_senders: ["[email protected]", "[email protected]"]
    
  2. Use a separate email account for sensitive correspondence that OpenClaw doesn’t have access to

The OAuth scope approach helps here — by not granting gmail.send, you ensure OpenClaw can never send from your account even if it reads sensitive content.

PaioClaw vs. Self-Hosted

The email skill runs self-hosted without issues for personal Gmail and IMAP setups. The differences with PaioClaw:

OAuth token management: Gmail OAuth tokens need refresh. PaioClaw handles this and alerts you if re-authorization is needed. Self-hosted setups fail silently if a token expires overnight.

Mobile review workflow: PaioClaw’s mobile interface lets you review and approve drafts from your phone. Self-hosted requires opening your email client, finding drafts, and editing there.

Multi-account setups: If you manage multiple email accounts (personal, work, consulting), routing triage across all of them from one interface is more complex to self-host.

Plans start free, Smart at $15/mo, Genius at $25/mo.

Summary

Set up Gmail OAuth with the gmail.compose scope (not gmail.send), configure triage labels, and start with the morning triage recipe. This setup gives you labeled email, drafted replies, and a daily priority summary — without any risk of autonomous sending.

The triage recipe is where the skill pays for itself. Spending 5 minutes reviewing 4 drafted replies beats spending 40 minutes writing them from scratch. The AI doesn’t replace your judgment on what to say — it handles the mechanical work of writing a first draft based on context you’ve provided.

Never move to auto-send mode until you’ve reviewed at least 4-6 weeks of draft output and are confident in the quality. Even then, restrict auto-send to low-stakes, templated responses only.

Join Our Community

Connect with other PaioClaw users, share tips, and stay up to date.