Email is the canonical AI agent use case — and the most dangerous one to get wrong. An AI that reads your email and drafts replies is useful. An AI that autonomously sends email on your behalf can cause real damage: sending premature responses, triggering unsubscribes, or delivering confidential information to the wrong thread.
This guide covers all three auth flavors for the OpenClaw email skill, enforces the draft-only safety pattern as the starting point, and walks through a triage recipe that auto-labels and writes drafts but never sends without your explicit action.
Three Auth Flavors
Gmail with OAuth 2.0 (Recommended for Gmail Users)
OAuth is the correct approach for Gmail. It grants scoped access without exposing your password, and you can revoke it at any time from your Google Account settings.
Setup:
- Go to console.cloud.google.com
- Create a new project (or use an existing one)
- Enable the Gmail API under APIs & Services → Library
- Go to APIs & Services → Credentials → Create Credentials → OAuth 2.0 Client ID
- Application type: Desktop app
- Download the credentials JSON file
Scopes to request:
https://www.googleapis.com/auth/gmail.readonly # Read emails
https://www.googleapis.com/auth/gmail.modify # Add labels, mark read
https://www.googleapis.com/auth/gmail.compose # Create drafts
Do not request gmail.send scope unless you intend to enable auto-send. Requesting only gmail.compose means OpenClaw can create drafts but cannot send — a useful architectural constraint.
Run the OAuth flow:
@openclaw setup gmail oauth
OpenClaw opens a browser window for Google authorization. After you approve, it stores the refresh token securely. Access tokens are generated automatically from the refresh token — you don’t manage them manually.
gmail:
credentials_file: "~/.openclaw/gmail-credentials.json"
token_file: "~/.openclaw/gmail-token.json"
scopes:
- "https://www.googleapis.com/auth/gmail.readonly"
- "https://www.googleapis.com/auth/gmail.modify"
- "https://www.googleapis.com/auth/gmail.compose"
IMAP + SMTP (For Non-Gmail or Self-Hosted Email)
IMAP reads email; SMTP sends it. Together they cover the full email workflow for any provider that supports standard protocols: Outlook, FastMail, ProtonMail (with Bridge), Zoho, custom domains hosted anywhere.
email:
imap:
host: "imap.yourprovider.com"
port: 993
ssl: true
username: "[email protected]"
password: "${EMAIL_PASSWORD}" # Use env var, never hardcode
smtp:
host: "smtp.yourprovider.com"
port: 587
tls: true
username: "[email protected]"
password: "${EMAIL_PASSWORD}"
Common provider settings:
| Provider | IMAP Host | IMAP Port | SMTP Host | SMTP Port |
|---|---|---|---|---|
| Gmail | imap.gmail.com | 993 | smtp.gmail.com | 587 |
| Outlook | outlook.office365.com | 993 | smtp.office365.com | 587 |
| FastMail | imap.fastmail.com | 993 | smtp.fastmail.com | 587 |
| Zoho | imap.zoho.com | 993 | smtp.zoho.com | 587 |
Gmail-specific note: If you use Gmail via IMAP/SMTP instead of OAuth, you need to enable “Less secure app access” or generate an App Password if 2FA is on. The OAuth approach above is cleaner — IMAP/SMTP with Gmail is a fallback for specific setups.
Gmail via Google Workspace Service Account (Team/Enterprise)
If you’re managing email for a Google Workspace organization and want OpenClaw to access multiple accounts, service accounts with domain-wide delegation allow this without per-user OAuth flows.
This is an enterprise pattern. For personal use, stick with OAuth 2.0.
gmail_workspace:
service_account_file: "~/.openclaw/service-account.json"
delegate_to: "[email protected]"
scopes:
- "https://www.googleapis.com/auth/gmail.readonly"
- "https://www.googleapis.com/auth/gmail.compose"
Service accounts require a Google Workspace admin to enable domain-wide delegation — not available on personal Gmail accounts.
Draft-Only Safety Pattern: Why It’s the Default
Before configuring what OpenClaw does with email, understand why draft-only is the correct starting point.
What can go wrong with auto-send:
- Replying to a phishing email thinking it’s legitimate
- Sending an internal thread context to an external party in a forwarded reply
- Responding to a newsletter with a personal message because the AI misidentified it
- Confirming a meeting you haven’t actually checked your calendar for
- Sending a draft you marked “needs more thought” to the wrong thread
None of these are hypothetical. They happen. Draft-only mode prevents all of them.
The draft-only guarantee: In draft-only mode, OpenClaw never calls any send endpoint. It can create drafts (saved in your Drafts folder), add labels, mark emails read/unread, and archive — but no email leaves your outbox without you clicking Send.
email_skill:
mode: draft-only # draft-only | supervised | auto-send
# Start here. Always.
Supervised mode (the intermediate step): OpenClaw drafts replies and flags them for your approval. You review a daily queue of pending sends and approve or discard each. Good for high-volume, repetitive email like scheduling requests or standard customer responses.
Auto-send mode (advanced, use sparingly): Only for specific, well-defined email types with clear rules. Example: auto-confirming receipt of support tickets with a template response. Never for substantive replies.
Triage Recipe: Label, Draft, Never Send
This is the highest-value use of the email skill. It handles the tedious work — reading, categorizing, writing draft responses — while keeping you in control of everything that leaves your inbox.
Setup
Configure your label taxonomy first. These are the labels OpenClaw will apply:
email_labels:
- name: "ai/needs-reply"
color: red
description: "Requires a response"
- name: "ai/fyi-only"
color: blue
description: "No action needed, just awareness"
- name: "ai/waiting-on-them"
color: yellow
description: "Ball in their court"
- name: "ai/draft-ready"
color: green
description: "Draft reply created, needs review"
- name: "ai/newsletter"
color: gray
description: "Marketing/newsletter, low priority"
Create these in Gmail under Settings → Labels, or let OpenClaw create them:
@openclaw create my email triage labels
The Triage Workflow
@openclaw triage my inbox — label everything from the last 24 hours
For each email in the past 24 hours, OpenClaw:
- Reads sender, subject, body, and thread history
- Classifies the email:
- Is a reply required? (Needs-Reply)
- Is it informational? (FYI-Only)
- Is it a newsletter or marketing? (Newsletter)
- Is it something you’re waiting on a response for? (Waiting-On-Them)
- Labels accordingly
- For Needs-Reply emails: Drafts a reply and saves it to Drafts folder, then applies the
ai/draft-readylabel - Summarizes what it did
Triage summary output:
? Inbox Triage — May 19, 2026
Processed 23 emails:
• 4 → Needs Reply (drafts created)
• 11 → FYI Only (labeled, marked read)
• 6 → Newsletter (labeled)
• 2 → Waiting On Them (labeled)
Drafts ready for review:
1. Re: Project proposal from Sarah Chen — draft in Drafts folder
2. Re: Invoice #4421 query — draft in Drafts folder
3. Re: Meeting reschedule request — draft in Drafts folder
4. Re: Partnership inquiry — draft in Drafts folder
Review drafts, edit as needed, then send. Nothing has been sent.
Reviewing Drafts
@openclaw show me the drafts you created today
Draft 1/4: Re: Project proposal from Sarah Chen
To: [email protected]
Subject: Re: Project proposal
Hi Sarah,
Thanks for sending this over. I've had a chance to review the proposal
and have a few questions before we move forward:
1. What's the expected timeline for the discovery phase?
2. Is the budget estimate inclusive of all third-party tools?
3. Who would be the primary point of contact on your team?
Happy to jump on a call this week if that's easier. Let me know
what works for you.
Best,
[Your name]
[SEND] [EDIT] [DISCARD]
You send directly from your email client (Gmail, Outlook, etc.) or approve from the OpenClaw interface if you’re using PaioClaw’s web UI.
Auto-Triage on Schedule
@openclaw triage my inbox every morning at 8am
OpenClaw sets a daily job. Each morning at 8am, your inbox is labeled and drafts are waiting in your Drafts folder before you open your email.
Smart Reply Drafting
The quality of drafted replies depends on context. Give OpenClaw more context for better drafts:
@openclaw when drafting replies, here's context about me:
- I'm a freelance product consultant
- Standard project rate is $150/hour
- I prefer async communication over calls when possible
- I'm usually available Mon-Thu for new project discussions
OpenClaw stores this in your preferences and uses it when drafting. The partnership inquiry draft will mention your rate. The meeting request draft will suggest Tuesday or Wednesday.
Thread Summarization
For long email threads you’ve been CC’d on:
@openclaw summarize the thread "Re: Q3 Product Roadmap" and tell me if I need to do anything
Thread Summary: Q3 Product Roadmap (14 emails, May 10-19)
The team debated scope for Q3. Main discussion: whether to prioritize
the mobile redesign or the API performance improvements.
Decision reached on May 17: API performance takes priority. Mobile
redesign pushed to Q4.
Your involvement: You were CC'd but haven't responded. Marcus asked
on May 15 if you had bandwidth to consult on the API work — that
question appears unanswered.
Suggested action: Reply to Marcus's May 15 email about API consulting.
Priority Inbox Pattern
@openclaw when I open my email, tell me the 3 things I actually need to deal with today
Morning Email Priority — May 19, 2026
1. ? REPLY NEEDED: Invoice dispute from Client Corp — 3 days old, needs response
2. ? DECISION: Team async vote closing today at 5pm — you haven't voted
3. ? FYI: Your domain renewal is in 7 days — action optional but noted
Everything else can wait. 18 other emails labeled and triaged.
Handling Sensitive Email
OpenClaw reads all email it has access to. For sensitive email (legal, HR, confidential communications), you should either:
-
Exclude specific labels or senders from OpenClaw’s triage:
email_skill: exclude_labels: ["Legal", "Confidential", "HR"] exclude_senders: ["[email protected]", "[email protected]"] -
Use a separate email account for sensitive correspondence that OpenClaw doesn’t have access to
The OAuth scope approach helps here — by not granting gmail.send, you ensure OpenClaw can never send from your account even if it reads sensitive content.
PaioClaw vs. Self-Hosted
The email skill runs self-hosted without issues for personal Gmail and IMAP setups. The differences with PaioClaw:
OAuth token management: Gmail OAuth tokens need refresh. PaioClaw handles this and alerts you if re-authorization is needed. Self-hosted setups fail silently if a token expires overnight.
Mobile review workflow: PaioClaw’s mobile interface lets you review and approve drafts from your phone. Self-hosted requires opening your email client, finding drafts, and editing there.
Multi-account setups: If you manage multiple email accounts (personal, work, consulting), routing triage across all of them from one interface is more complex to self-host.
Plans start free, Smart at $15/mo, Genius at $25/mo.
Summary
Set up Gmail OAuth with the gmail.compose scope (not gmail.send), configure triage labels, and start with the morning triage recipe. This setup gives you labeled email, drafted replies, and a daily priority summary — without any risk of autonomous sending.
The triage recipe is where the skill pays for itself. Spending 5 minutes reviewing 4 drafted replies beats spending 40 minutes writing them from scratch. The AI doesn’t replace your judgment on what to say — it handles the mechanical work of writing a first draft based on context you’ve provided.
Never move to auto-send mode until you’ve reviewed at least 4-6 weeks of draft output and are confident in the quality. Even then, restrict auto-send to low-stakes, templated responses only.

