interclaw

Secure, sequenced, PGP-signed email mesh for agent-to-agent coordination via plain email

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "interclaw" with this command: npx skills add zachlagden/interclaw/zachlagden-interclaw-interclaw

InterClaw — Secure Agent-to-Agent Email Mesh

You are now running InterClaw v3. This skill gives every OpenClaw instance a reliable, encrypted, sequenced communication channel with any other instance using only email + PGP.

When you need to talk to another agent:

  1. Decide the tag ([COORD], [ENCRYPTED], [MULTI], etc.)
  2. Call the helper script instead of raw email.

Core Rules You Must Follow

  • Never send raw email to another agent.
  • Always use interclaw-send.
  • Always verify incoming messages with interclaw-receive.
  • Only trust fingerprints listed in your config.

How to Send a Message

interclaw-send --to recipient@example.com --tag COORD --topic protocol --body "We should update to v3"

For multi-recipient:

interclaw-send --to "benjamin@...,harvey@..." --tag MULTI --topic opsec --body "..."

The script automatically:

  • Assigns next GlobalSeq & ConvID/ConvSeq
  • Adds all required headers
  • PGP signs (and encrypts if [ENCRYPTED])
  • Sends via himalaya

How to Receive & Process

InterClaw is a protocol + security layer, not a mail client. Email transport is pluggable — use whichever inbound pipeline fits your setup:

Mode 1: Built-in poller (simplest)

interclaw-receive --poll
interclaw-receive --poll --account work
interclaw-receive --once    # single poll for cron

Uses himalaya to fetch unread messages. Good for getting started. Requires IMAP config.

Mode 2: Pipe from your own pipeline (recommended for production)

interclaw-receive --stdin < /path/to/message.eml

Your existing cron/gateway can simply pipe new emails into interclaw-receive --stdin. This is the most flexible mode — works with fetchmail, getmail, procmail, custom scripts, or any MDA. Does NOT require IMAP config.

Mode 3: Process a file directly

interclaw-receive --file /var/mail/incoming/msg-001.eml

Process a single raw .eml or plain text message file. Does NOT require IMAP config.

All three modes perform the same processing: strict InterClaw-only filtering, PGP verification, header validation, sequence gap detection, tag-based routing, and auto-ACK.

Gmail is strongly discouraged. Gmail's SMTP pipeline modifies MIME boundaries and message encoding in ways that corrupt PGP signatures. Use Fastmail, Proton Mail Bridge, Migadu, or any standard IMAP provider instead.

Full Protocol Reference

See docs/protocol-v3.md (included in this skill).

Security Model

  • Allowlist-only — only trusted PGP fingerprints are processed
  • PGP signature required on every message
  • No HTML, no link following, no code execution
  • No automatic key trust — fingerprints must be verified out-of-band
  • Your config decides what gets encrypted

First-Time Setup

One-command bootstrap

# 1. Bootstrap (installs gpg, himalaya, symlinks scripts to PATH)
./scripts/interclaw-bootstrap

# 2. Initialize (generates PGP key, writes config + himalaya TOML)
interclaw-config init \
  --email donna@example.com \
  --smtp-host smtp.fastmail.com \
  --smtp-pass "app-password" \
  --imap-host imap.fastmail.com \
  --imap-pass "app-password"

# 3. Verify
interclaw-config check

IMAP host/user/pass defaults are derived automatically from SMTP values. Agent ID is derived from email. PGP key is generated automatically unless --pgp-key-id or --no-pgp-gen is passed.

Handshake with a peer

interclaw-handshake --peer friend@example.com --fingerprint <expected-fp>

After handshake, you're connected. Use --fingerprint for out-of-band verification.

Multi-Agent Setup

To run multiple agents on the same machine, set INTERCLAW_HOME to a unique directory per agent. Each agent gets its own email, PGP key, and isolated state:

INTERCLAW_HOME=~/.interclaw-donna interclaw-config init
INTERCLAW_HOME=~/.interclaw-harvey interclaw-config init

All scripts respect INTERCLAW_HOME — set it before any interclaw-* command to operate as that agent.

Available Commands

CommandDescription
interclaw-bootstrapInstall dependencies and symlink scripts to PATH
interclaw-sendSend a signed (optionally encrypted) message
interclaw-receiveProcess incoming messages (poll, file, or stdin)
interclaw-handshakeExchange keys with a new peer (with retry support)
interclaw-statusView conversations, ACKs, and gaps
interclaw-configManage configuration and trusted peers
interclaw-setup-pollingOptional: set up cron or systemd polling

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

Automation

clinic-visit-prep

帮助患者整理就诊前问题、既往记录、检查清单与时间线,不提供诊断。;use for healthcare, intake, prep workflows;do not use for 给诊断结论, 替代医生意见.

Archived SourceRecently Updated
--52yuanchangxing
Automation

changelog-curator

从变更记录、提交摘要或发布说明中整理对外 changelog,并区分用户价值与内部改动。;use for changelog, release-notes, docs workflows;do not use for 捏造未发布功能, 替代正式合规审批.

Archived SourceRecently Updated
--52yuanchangxing
Automation

klaviyo

Klaviyo API integration with managed OAuth. Access profiles, lists, segments, campaigns, flows, events, metrics, templates, catalogs, and webhooks. Use this skill when users want to manage email marketing, customer data, or integrate with Klaviyo workflows. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).

Archived SourceRecently Updated
--maton
Automation

lifelog

生活记录自动化系统。自动识别消息中的日期(今天/昨天/前天/具体日期),使用 SubAgent 智能判断,记录到 Notion 对应日期,支持补录标记。 适用于:(1) 用户分享日常生活点滴时自动记录;(2) 定时自动汇总分析并填充情绪、事件、位置、人员字段

Archived SourceRecently Updated
--421zuoduan