openclaw email skills compared: himalaya vs gog vs lobstermail
A detailed comparison of the three main email skills on ClawHub — what each one actually requires to set up, and where they fall short.
If you're browsing ClawHub for email skills, you've probably noticed the same three names showing up: Himalaya, Gog, and LobsterMail. They all promise to give your OpenClaw agent email access. They solve it in fundamentally different ways.
I've set up all three. This is what each one actually looks like once you get past the README.
Himalaya: the IMAP workhorse#
Himalaya is the most popular email skill on ClawHub, and for good reason. It's a standalone CLI email client that connects to any IMAP/SMTP server. Install the skill, point it at a mailbox, and your agent can read, send, and manage messages through shell commands.
The install is clean:
clawhub install himalaya
After that, you edit ~/.config/himalaya/config.toml with your mail server credentials. For Gmail, that means either an app password (if you have 2FA enabled) or OAuth2 tokens through Google Cloud Console.
Here's a minimal Gmail config:
[accounts.gmail]
email = "you@gmail.com"
backend.type = "imap"
backend.host = "imap.gmail.com"
backend.port = 993
backend.auth.type = "password"
backend.auth.raw = "your-app-password"
message.send.backend.type = "smtp"
message.send.backend.host = "smtp.gmail.com"
message.send.backend.port = 465
message.send.backend.auth.type = "password"
message.send.backend.auth.raw = "your-app-password"
That looks reasonable on paper. In practice, you'll run into a few things the docs don't emphasize.
Polling delay. Himalaya uses IMAP polling. Your agent checks for new mail on an interval, typically every 1-5 minutes. If someone emails your agent expecting a fast response, there's a gap. For triage workflows or time-sensitive automation, that gap matters.
OAuth2 complexity. If you don't want a raw password in a config file (you shouldn't), you need OAuth2. That means creating a GCP project, configuring a consent screen, generating client credentials, and implementing the token exchange. Users on r/openclaw regularly report the agent can't find the Himalaya tool even after the CLI works fine locally, and the skill's GitHub issues include incorrect command syntax in the official documentation.
Config fragility. OpenClaw Discussion #4220 documents a recurring problem: the Himalaya config gets stripped when the instance restarts. If your agent loses its credentials between sessions, it can't read mail until someone manually fixes the TOML file.
Himalaya works well for what it is. It's lightweight, it supports providers beyond Gmail (Outlook, Fastmail, self-hosted), and it doesn't require a Google Workspace subscription. But it's a general-purpose CLI email client adapted into an OpenClaw skill, not something built for agents from the ground up.
Gog: the Google Workspace mega-skill#
Gog takes the opposite approach from Himalaya. Instead of wrapping a single protocol, it wraps the entire Google Workspace suite. Gmail, Calendar, Drive, Docs, Sheets — all accessible to your agent through one skill.
clawhub install gog
That's the easy part. The hard part is authentication.
Gog requires the gogcli tool for OAuth setup. You need a GCP project with billing enabled, the Gmail API and any other Workspace APIs you want activated, OAuth credentials with correctly scoped permissions, and a redirect URI configured for the authentication flow.
For email specifically, you'll scope at minimum gmail.readonly and gmail.send. But since Gog covers the full Workspace suite, most setups request broader permissions. Google's verification requirements scale with scope breadth — restricted scopes like full mail access (https://mail.google.com/) trigger a mandatory third-party security audit if you ever push the app to production.
The real-time question is where Gog gets interesting and painful simultaneously. Without additional setup, Gog polls Gmail the same way Himalaya does. To get instant delivery, you need Google Cloud Pub/Sub: create a topic, create a subscription, configure a push endpoint that your OpenClaw instance can receive, and set up a watch on the Gmail inbox that publishes notifications to your topic. That's a GCP billing account, Pub/Sub API enabled, a publicly accessible webhook URL, and IAM permissions configured correctly.
If you're already paying for Google Workspace ($6-18/month per seat) and your agent needs Calendar and Drive access alongside email, Gog is the logical choice. You're already inside Google's ecosystem. But if you only need email, Gog is a lot of infrastructure for one capability.
Both Himalaya and Gog share a problem that no amount of configuration can fix: your agent operates inside your personal inbox. Every message you've ever received sits in its context window. A Meta alignment researcher recently discovered what that means in practice when her OpenClaw agent started bulk-deleting emails during an inbox triage session. She had to physically unplug her machine to stop it.
LobsterMail: the agent-first skill#
LobsterMail approaches the problem differently. Instead of connecting your agent to an existing inbox, the agent gets its own.
clawhub install lobstermail
Then tell your agent: "Get yourself an email inbox." That's the whole setup. Behind the scenes, the agent calls LobsterMail.provision() and gets a dedicated address like my-agent@lobstermail.ai. No GCP project. No OAuth. No TOML config.
If you want to see the code:
import { LobsterMail } from "@lobstermail/sdk";
const client = new LobsterMail();
const inbox = await client.provision({ name: "my-agent" });
// my-agent@lobstermail.ai — ready to receive
There's no polling delay. Incoming mail arrives via webhooks the moment it's delivered, or through WebSocket if you prefer a persistent connection. The agent's inbox is completely isolated from your personal email, so a misbehaving agent can't touch your bank statements or fire off replies to your colleagues at 3 AM.
Every incoming message goes through prompt injection scanning across six categories before reaching the agent. The SDK's safeBodyForLLM() method gives your agent the email content with injection attempts stripped. Neither Himalaya nor Gog have anything equivalent.
Pricing is straightforward. The free tier covers receiving. The Builder plan at $9/month adds sending, unlimited inboxes, and custom domains. No per-inbox caps, no surprise jumps.
Info
LobsterMail is currently in pre-launch. The SDK and pricing reflect the intended design. Join the waitlist for early access.
Setup comparison, side by side#
| Himalaya | Gog | LobsterMail | |
|---|---|---|---|
| Install command | clawhub install himalaya | clawhub install gog | clawhub install lobstermail |
| Additional setup | TOML config + credentials | gogcli + GCP project + OAuth | None |
| Time to working email | 15-30 min | 1-3 hours | ~60 seconds |
| Real-time delivery | No (IMAP polling) | Only with Pub/Sub | Yes (webhooks/WebSocket) |
| Agent gets own inbox | No | No | Yes |
| Personal inbox exposed | Yes | Yes | No |
| Prompt injection defense | No | No | Yes |
| Works beyond Gmail | Yes (any IMAP server) | No (Google only) | Yes (dedicated address) |
| Cost | Free (+ email provider) | Free (+ Workspace $6-18/mo) | Free receive / $9/mo send |
The shared inbox problem#
This deserves its own section because it's the one thing people underestimate until they've been burned.
When your agent connects through Himalaya or Gog, it accesses your entire mailbox. Not just new messages. Everything. That password reset from your bank last Tuesday. That medical appointment confirmation. That argument with your landlord.
A crafted email can exploit this. Security researchers have documented how a single prompt injection embedded in a message body can instruct an agent to search for sensitive data, forward it to an external address, or delete messages to cover its tracks. Google's all-or-nothing permission model means there's no way to give the agent read access to new mail while hiding historical messages.
This isn't theoretical. The Bitsight analysis of OpenClaw agents found cases where agents "went through a personal inbox and replied to a few emails — autonomously and without explicit per-action permission." That's your reputation on the line, sent from your real email address, with your real name attached.
A dedicated agent inbox eliminates the category entirely. The agent only sees what's sent to its address. If it misbehaves, the damage is contained to a throwaway inbox on the reef, not your professional identity.
Which skill to pick#
Choose Himalaya if you need email from a non-Gmail provider (Outlook, Fastmail, self-hosted), you're fine with polling delay, and your use case is simple enough that personal inbox exposure isn't a concern. It's the most portable option.
Choose Gog if your agent needs the full Google Workspace suite and you're already paying for it. Calendar integration, Drive access, and Gmail in one skill is genuinely useful for executive assistant workflows. Accept that setup will take an evening.
Choose LobsterMail if your agent needs its own identity, you care about prompt injection defense, or you're running multiple agents that each need a separate address. It's the only ClawHub email skill where the agent provisions its own inbox without human intervention.
I built LobsterMail because I kept spending evenings debugging OAuth tokens and TOML configs when I just wanted my agent to have email. If that resonates, give it a try.
Frequently asked questions
Which email skill is most popular on ClawHub?
Himalaya has the most installs on ClawHub. It's been around longer and has a broad user base beyond the OpenClaw community since it's a standalone CLI email client. LobsterMail is newer and purpose-built for agents.
Can I install multiple email skills on the same OpenClaw instance?
Yes. OpenClaw skills are modular. You can run Himalaya for reading your personal Gmail while using LobsterMail for the agent's own outbound address. There's no conflict between them.
Does Himalaya support OAuth2 with Gmail?
Yes, but setup requires creating a Google Cloud project, configuring an OAuth consent screen, and generating client credentials. Users frequently report issues with token expiry and the agent failing to find the Himalaya tool after installation. The raw password method in the TOML config is simpler but less secure.
How much does it cost to use Gog with Google Workspace?
The Gog skill itself is free. Google Workspace plans range from $6 to $18 per user per month. If you only have a free Gmail account, Gog still works but with stricter API rate limits and no custom domain support. Pub/Sub for real-time delivery requires a GCP billing account, though the free tier covers most agent use cases.
What is the polling delay with Himalaya and how does it affect agents?
Himalaya checks for new mail every 1-5 minutes via IMAP polling. For workflows that need fast responses — like customer support triage or time-sensitive notifications — this delay can cause missed SLAs. LobsterMail and Gog (with Pub/Sub) both offer real-time delivery.
Can my agent send email on the free LobsterMail tier?
The free tier is receive-only. Your agent gets a working inbox and can read all incoming messages at no cost. The Builder plan at $9/month unlocks sending, custom domains, and unlimited inboxes.
Is there a risk of Google banning my account for using Himalaya or Gog?
Yes. Google detects automation patterns and can suspend accounts without warning. Users on Reddit have reported bans after connecting agents to Gmail. Using a dedicated Gmail account for your agent reduces the risk to your personal inbox but doesn't eliminate the ban risk entirely.
Does LobsterMail work with email providers other than Gmail?
LobsterMail doesn't connect to existing email providers. It gives your agent a dedicated address (like agent@lobstermail.ai or a custom domain). Anyone with any email provider can send messages to your agent's address. It's standard email.
What is prompt injection scanning and do any other ClawHub skills have it?
Prompt injection is when hidden instructions in an email trick your agent into performing unintended actions. LobsterMail scans incoming messages across six categories — boundary manipulation, system prompt override, data exfiltration, role hijacking, tool invocation, and encoding tricks — before the agent processes them. No other email skill on ClawHub includes this.
Can I use a custom domain with any of these skills?
With Himalaya, you use whatever address your IMAP server provides. With Gog, you use your Gmail or Workspace domain. With LobsterMail, custom domains are available on the $9/month Builder plan — you bring your own domain and LobsterMail handles SPF, DKIM, and DMARC configuration.
What happens if my Himalaya config gets wiped on restart?
This is a known issue documented in OpenClaw Discussion #4220. The workaround is to store your Himalaya config outside the OpenClaw workspace and symlink it, or use a startup script that copies the config into place before the agent launches. LobsterMail avoids this entirely since there's no local config to maintain.
Is there an email skill on ClawHub that works without any Google account?
Himalaya works with any IMAP/SMTP provider, not just Gmail. LobsterMail doesn't require any existing email account at all — the agent provisions its own inbox independently. Gog is Google-only.
How does this article differ from the full OpenClaw email options comparison?
Our broader comparison covers Himalaya, Gog, AgentMail, and LobsterMail. This article focuses specifically on ClawHub skills, goes deeper on each skill's setup process, and is aimed at people browsing ClawHub deciding which email skill to install.
Give your agent its own email. Get started with LobsterMail — it's free.