openclaw lobstermail email workflow patterns: a quickstart guide
Learn the built-in OpenClaw email workflow patterns with LobsterMail, from inbox triage to shared task sync, and get your first automation running in minutes.
Last week I watched an OpenClaw agent triage 340 emails in under two minutes. It flagged three as urgent, archived 200 newsletters, and drafted replies to the rest. The whole thing ran on a single workflow pattern and a LobsterMail inbox the agent had provisioned itself.
That's the part most guides skip. They show you how to wire up IMAP credentials, configure SMTP relay settings, store passwords in a keychain, and hope nothing breaks when your token expires at 2 AM. But the agent doesn't care about any of that. It just needs an inbox it controls and a workflow pattern to follow.
This guide covers the built-in workflow patterns available when you pair OpenClaw with LobsterMail, and walks through getting your first one running. If you'd rather skip the credential juggling and let your agent own its own inbox, .
Why LobsterMail instead of IMAP/SMTP?#
The traditional path to giving an OpenClaw agent email access looks like this: create a Gmail or Outlook account (as a human), enable IMAP, generate an app password or navigate the OAuth consent flow, store those credentials somewhere the agent can reach them, and pray Google doesn't flag the account for "unusual activity" next Tuesday.
LobsterMail removes that entire chain. Your agent calls LobsterMail.create(), gets a token, and provisions its own inbox. No human signup. No stored passwords. No OAuth dance. The token format (lm_sk_live_*) is purpose-built for agents, and it persists automatically at ~/.lobstermail/token.
We covered the self-signup model in depth in agent self-signup: why the agent should create its own inbox. The short version: when the agent owns its credentials from the start, you eliminate an entire class of configuration failures.
This matters for workflow patterns because every pattern assumes the agent has reliable email access. If your IMAP connection drops mid-triage, the workflow breaks. LobsterMail's agent-native approach means the inbox is always there, always authenticated, always ready.
OpenClaw LobsterMail workflow patterns#
Here are the built-in patterns you can run with OpenClaw and a LobsterMail inbox:
- Inbox triage sorts incoming email by urgency, sender, and topic, then routes messages to folders or flags them for human review.
- Weekly review runs on a schedule to summarize the past week's email activity, surface anything unresolved, and generate a digest.
- Memory consolidation extracts key facts, contacts, and commitments from email threads and writes them to the agent's long-term memory store.
- Shared task sync lets multiple agents coordinate through a shared inbox, claiming tasks and posting status updates via email.
- Auto-reply drafting generates context-aware reply drafts based on conversation history and waits for approval before sending.
- Verification extraction monitors for signup confirmation emails, extracts codes or links, and completes registration flows automatically.
Each pattern is a reusable building block. You can run them independently or chain them together. Inbox triage feeds into auto-reply drafting. Weekly review pulls from the memory consolidation store. The patterns compose naturally because they all operate on the same inbox primitives.
Quickstart: your first email workflow in five minutes#
Let's get inbox triage running. This is the pattern most people start with because it delivers visible results immediately.
Step 1: give your agent an inbox#
import { LobsterMail } from '@lobsterkit/lobstermail';
const lm = await LobsterMail.create();
const inbox = await lm.createSmartInbox({ name: 'My Triage Agent' });
console.log(inbox.address); // my-triage-agent@lobstermail.ai
That's it. No DNS records to configure. No app passwords to generate. The agent has an address and can start receiving email. If you've read the OpenClaw email setup nobody talks about (it takes 60 seconds), you know this is the same one-step process.
Step 2: fetch and classify#
const emails = await inbox.receive();
for (const email of emails) {
const category = await classifyEmail(email); // your LLM call
console.log(`${email.subject} → ${category}`);
}
The receive() method returns emails with built-in security metadata, including injection risk scores. Your classification function can factor that in. An email flagged as high-risk probably shouldn't trigger an auto-reply without human approval.
Step 3: add approval gates#
This is where most tutorials stop, but real workflows need a human checkpoint. OpenClaw's approval gate pattern lets you pause execution, notify a human, and resume when they approve.
The flow works like this: your agent triages email normally, but when it encounters something that requires action (sending a reply, forwarding sensitive data, triggering an external API), it pauses and emits a resume token. The human reviews the proposed action and either approves or rejects. On approval, the agent picks up exactly where it left off using that token.
// Agent pauses here and emits a resumeToken
const token = await workflow.requestApproval({
action: 'send-reply',
draft: replyText,
to: email.from,
});
// Later, after human approval:
await workflow.resume(token);
The resume token is a string identifier that encodes the full workflow state. You don't need to serialize anything yourself. The agent stores the token, and when the human approves (via a dashboard click, a Slack reaction, or even a reply email to the agent's inbox), the workflow continues.
This pattern is what separates a demo from a production system. Without approval gates, your agent is one hallucinated reply away from emailing a client something embarrassing.
Running multiple patterns simultaneously#
A common question: can inbox triage and weekly review run at the same time on the same inbox? Yes. Each pattern operates as an independent workflow with its own polling interval and state. Inbox triage might run every 30 seconds. Weekly review runs once on Friday afternoons. Memory consolidation runs nightly. They all read from the same inbox but maintain separate cursors, so they never interfere with each other.
The shared task sync pattern is the exception. It's designed for multi-agent setups where two or more agents share a single LobsterMail inbox. Agent A claims a task by replying to a thread. Agent B sees the claim and moves on. This coordination happens through email conventions (specific subject line prefixes, thread IDs) rather than external state stores.
For teams exploring what agents can actually do with their own inbox, 7 things your AI agent can do with its own email covers the broader picture beyond workflow automation.
LobsterMail vs. IMAP/SMTP: a quick comparison#
| LobsterMail | IMAP/SMTP | |
|---|---|---|
| Setup time | ~60 seconds | 15-30 minutes |
| Human required | No | Yes (account creation, app passwords) |
| Credential storage | Agent-managed token | You manage passwords/OAuth tokens |
| Token expiry risk | None (persistent) | OAuth tokens expire, app passwords get revoked |
| Injection protection | Built-in risk scoring | None (raw email content) |
| Cost | Free tier: 1,000 emails/mo | Depends on provider |
| Custom domains | Supported (Builder plan) | Depends on provider |
The tradeoff is control. IMAP/SMTP gives you access to an existing mailbox with years of history. LobsterMail gives your agent a fresh, purpose-built inbox it fully controls. For most agent workflows, starting clean is an advantage, not a limitation. You don't want your triage bot accidentally processing three years of personal email.
Security: credentials vs. tokens#
One of the persistent headaches with IMAP/SMTP setups is credential management. Some people store passwords in environment variables (risky if your .env leaks). Others use 1Password CLI or macOS Keychain, which adds complexity and sometimes breaks in headless environments where agents typically run.
LobsterMail tokens follow a different model. The token is generated during auto-signup, stored at ~/.lobstermail/token, and scoped to your agent's account. There's no password to rotate, no OAuth refresh cycle to manage, no risk of a third-party provider revoking access because they detected "bot-like activity." The agent created the account. The agent owns the token. That's the whole story.
For details on how LobsterMail scores inbound email for injection risk, the security docs explain the scoring model.
Where to go from here#
Pick one workflow pattern and run it for a week. Inbox triage is the easiest starting point because the feedback loop is fast: you can see exactly how your agent categorized each message and adjust your classification prompt accordingly. Once triage feels solid, layer on auto-reply drafting with approval gates. Then add weekly review.
The patterns build on each other, but they're also independent. You don't need to implement all six to get value. One well-tuned triage workflow beats six half-configured ones every time.
Frequently asked questions
What is LobsterMail and how does it differ from a standard IMAP/SMTP setup for OpenClaw?
LobsterMail is agent-first email infrastructure. Your agent provisions its own inbox with no human signup, no OAuth, and no stored passwords. IMAP/SMTP requires you to create an account manually, configure credentials, and manage token refresh cycles.
How do I give my OpenClaw agent its own email address using LobsterMail?
Call LobsterMail.create() followed by createSmartInbox({ name: 'My Agent' }). The agent gets a human-readable @lobstermail.ai address in seconds. .
Do I need OAuth or human signup to use LobsterMail with OpenClaw?
No. The SDK handles account creation automatically. No human needs to visit a signup page, approve an OAuth consent screen, or generate app passwords.
What workflow patterns does OpenClaw support with LobsterMail?
The main patterns are inbox triage, weekly review, memory consolidation, shared task sync, auto-reply drafting, and verification extraction. Each runs independently and can be combined.
What is a resumeToken and how do I use it to continue a paused workflow?
A resumeToken is a string that captures the full state of a paused workflow. When an approval gate fires, the agent emits a token. After human approval, calling workflow.resume(token) picks up exactly where execution stopped.
How do approval gates work in OpenClaw email workflows?
The agent pauses before a sensitive action (like sending a reply), emits a resume token, and waits for human approval. The human reviews the proposed action and approves or rejects it. On approval, the workflow resumes automatically.
Can I run inbox triage and weekly review simultaneously on the same inbox?
Yes. Each pattern maintains its own polling interval and cursor. They read from the same inbox without interfering with each other.
How does shared task sync work for multi-agent email coordination?
Multiple agents share a LobsterMail inbox and coordinate through email conventions like subject line prefixes and thread IDs. When one agent claims a task by replying to a thread, others see the claim and move on.
Is LobsterMail's free tier sufficient for a production OpenClaw email automation?
The free tier includes 1,000 emails per month with full send and receive capabilities. For light automation (daily triage, weekly reviews), that's plenty. Higher-volume workflows may need the Builder plan at $9/mo for 5,000 emails/month.
How does LobsterMail handle credential management compared to IMAP/SMTP configs?
LobsterMail stores a single agent-owned token at ~/.lobstermail/token. There's no password rotation, no OAuth refresh, and no risk of a provider revoking access for "bot-like activity."
Does OpenClaw work with Gmail for email automation?
OpenClaw can connect to Gmail via IMAP/SMTP, but it requires manual account setup, app passwords or OAuth, and ongoing credential management. LobsterMail removes those steps entirely.
What is the memory consolidation workflow pattern and when should I use it?
Memory consolidation extracts key facts, contacts, and commitments from email threads and writes them to the agent's long-term memory. Run it nightly to keep your agent's knowledge base current without re-reading old threads.
What is the difference between LobsterMail and AgentMail for OpenClaw?
LobsterMail is agent-first: the agent self-provisions inboxes with no human involvement. AgentMail typically requires human-side setup and API key management. LobsterMail also includes built-in injection risk scoring on inbound email.
How do I quickstart an OpenClaw email automation from zero to first automated reply?
Install the SDK with npm install @lobsterkit/lobstermail, call LobsterMail.create(), provision an inbox with createSmartInbox(), fetch emails with receive(), and classify them with your LLM. Add an approval gate before any outbound replies.
