Email Sandbox Automation for OpenClaw
When talking about OpenClaw and security, people often mention API access, file permissions, network restrictions, and similar. Email, however, is often overlooked in this discussion.
At first glance, email is just another integration. But unlike internal actions, a sent email cannot be recalled: once a message leaves OpenClaw, any sensitive information in it is already in the hands of the attacker.
This guide shows you how to integrate Email Sandbox with OpenClaw so your agent can send emails safely to a sandbox inbox instead of real recipients. This way, you will give your AI agents the capability to:
Route agent SMTP to Email Sandbox: Change a few configuration settings, and all your agents' outgoing email goes to your Email Sandbox.
Inspect via UI or API: Review emails in Mailtrap's web interface or fetch them programmatically before you move to production.
Zero risk to real recipients: No matter what the agent does, emails stay contained within the Sandbox.
Why use Email Sandbox with OpenClaw?
Giving an AI agent email access means enabling it to communicate with the outside world on your behalf. A misinterpreted instruction or a prompt injection attack, for instance, could cause it to send emails you never intended, including ones containing sensitive information.
The community has already seen warning signs:
A user's OpenClaw discovered an insurance rejection email, drafted a rebuttal citing policy language, and sent it without explicit permission. "My @openclaw accidentally started a fight with Lemonade Insurance," he tweeted. "I ignored the draft, and he sent it for me."
Source: Twitter (@Hormold)
After connecting OpenClaw to iMessage, one user's agent got stuck in a loop and sent 500+ messages to his wife and random contacts. He had to pull the power cord to stop it.
Source: Chris Boyd
Security researchers sent an email containing hidden instructions to an OpenClaw inbox. When the agent checked mail, it handed over a private key from the machine with no prompts or confirmations.
Source: Kaspersky
How Email Sandbox helps: Your agent "sends" emails normally, but instead of reaching real recipients, every message lands in your Mailtrap inbox where you can inspect it safely.
How to connect Email Sandbox to OpenClaw
Before we begin, make sure you have:
OpenClaw installed and running
A free Mailtrap account
A Mailtrap API token and Sandbox ID
Getting your Mailtrap credentials
Log in to your Mailtrap account
Go to Settings → API Tokens, and create a new key

Navigate to Sandboxes and select your inbox (or create a new one)

Note your Sandbox ID from the URL bar

Step 1. Install the Mailtrap skill
We have prepared an OpenClaw skill so that you can start sending to the Sandbox right away. Currently, it’s available as a GitHub Gist.
To install it:
Download the skill file (SKILL.md).
Place it in your OpenClaw workspace's skills directory.
Step 2. Add the Mailtrap credentials
Set skills.entries.email_sandbox.env in ~/.openclaw/openclaw.json to include MAILTRAP_API_TOKEN and MAILTRAP_INBOX_ID.
Replace your-api-token-here and your-inbox-id-here with your actual Mailtrap credentials.
Step 3. Verify the integration
If you followed everything correctly so far, your OpenClaw agent should be able to send emails using the email_sandbox skill. To verify the integration, try sending a test email.
For example, here’s an email the AI tried to send for us, as captured in our Sandbox:

The email never left the Sandbox, and no real recipient received it.
What else can the Email Sandbox skill do?
The email_sandbox skill supports the following request parameters:
Parameter | Type | Required | Description
from | object | Yes ✅ | Sender info: {"email": "...", "name": "..."} (name is optional)
to | string | Yes ✅ | Recipients: [{"email": "..."}]
subject | string | Yes ✅ | Email subject line
text | string | Yes ✅ | Plain text body
html | string | No ☑️ | HTML body (alternative to plain text)
category | string | No ☑️ | Category for organizing emails in Mailtrap
For the complete API specification, see the Mailtrap API documentation.
Troubleshooting
If no emails are landing in your Sandbox:
Verify your MAILTRAP_API_TOKEN is correct.
Check that MAILTRAP_INBOX_ID matches your inbox.
Ensure the skill environment variables are properly configured in openclaw.json.
Check the OpenClaw logs for any error messages from the curl command.
If you see a 401 or 403 error:
Regenerate your API token in Mailtrap.
Update the token in your OpenClaw configuration.
Restart OpenClaw to pick up the new configuration.
If the API returns a JSON parsing error:
Check for unescaped special characters in the email content.
Use the jq approach shown above for complex content.
Ensure all required fields (from, to, subject, text) are present.
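The JSON parsing and required-field checks above can be reproduced offline before a request is ever sent. The following Python sketch is an added example, not part of the Mailtrap skill (which uses curl): it builds the request body with a JSON serializer so special characters are always escaped, then checks the body against the parameter table. The function names, the sample inputs, and the private-key check (modeled on the leaked-key incident described earlier) are assumptions made for illustration.

```python
import json
import re

# Required fields, taken from the parameter table on this page.
REQUIRED = ("from", "to", "subject", "text")
# Assumption: PEM private-key header as a sample leak check (not part of the skill).
PEM_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----")

# Constructed samples, not real traffic.
TRICKY_TEXT = 'Quote: "hi"\nPath: C:\\temp\tdone'
HAND_BUILT = '{"from": {"email": "agent@example.com"}, "subject": "He said "hi"", "text": "x"}'

def build_payload(sender, recipients, subject, text, html=None, category=None):
    """Serialize a request body; json.dumps escapes quotes, newlines and backslashes."""
    payload = {
        "from": {"email": sender},
        "to": [{"email": r} for r in recipients],
        "subject": subject,
        "text": text,
    }
    if html is not None:
        payload["html"] = html
    if category is not None:
        payload["category"] = category
    return json.dumps(payload)

def check_payload(raw):
    """Return a list of problems found in a serialized request body."""
    try:
        payload = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [f"invalid JSON: {exc.msg}"]
    if not isinstance(payload, dict):
        return ["body must be a JSON object"]
    problems = [f"missing required field: {k}" for k in REQUIRED if not payload.get(k)]
    sender, to = payload.get("from"), payload.get("to")
    if sender and not (isinstance(sender, dict) and sender.get("email")):
        problems.append('from must be an object with an "email" key')
    if to and not (isinstance(to, list)
                   and all(isinstance(r, dict) and r.get("email") for r in to)):
        problems.append('to must be a list of {"email": ...} objects')
    body = f'{payload.get("text", "")}\n{payload.get("html", "")}'
    if PEM_KEY.search(body):
        problems.append("body contains a PEM private key header")
    return problems

if __name__ == "__main__":
    ok = build_payload("agent@example.com", ["user@example.com"], "Status", TRICKY_TEXT)
    print(check_payload(ok), check_payload(HAND_BUILT))
```

A body assembled by string concatenation, like HAND_BUILT, fails at the parse step, while the same content passed through build_payload round-trips unchanged.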
For more information and details on Email Sandbox and OpenClaw, feel free to consult the official documentation:
What's next
Once you've verified the integration works, you can:
Iterate on your workflows: Build automations that involve email, confident that nothing goes out accidentally.
Review agent behavior: Check what emails your agent attempts to send before trusting it with real email.
Move on to production: When you're confident in your agent's email behavior, you can switch from the Sandbox API to Mailtrap's Email API for real delivery.