OpenClaw Email Setup: Connect Your AI Agent to Gmail, Outlook, and Any Inbox

Your OpenClaw agent can read, triage, and draft replies to email. The whole setup takes about 15 minutes if you know what to watch out for. And there's one gotcha that trips up probably 80% of people on their first attempt.

You can't use your regular Gmail password.

That's the number one reason people think the integration is broken. It's not. Google retired basic auth for IMAP years ago. You need a 16-character App Password instead. More on that in a second.

Two Skills, One Job

OpenClaw has two paths to email access. Both use standard IMAP/SMTP under the hood.

imap-smtp-email is the popular choice. It's built on Node.js, has 268 active installs on LLMBase, and installs with a single command: clawhub install imap-smtp-email. If you're just getting started with your openclaw email setup, this is probably the right pick.

Himalaya is the alternative. Written in Rust, it powers the native IMAP hook in OpenClaw core and handles edge cases that the simpler skill doesn't. Think multi-account workflows, OAuth quirks, or high-volume processing.

For most people? Start with imap-smtp-email. You can always switch later.

Gmail Setup (Step by Step)

Gmail is the most common provider for openclaw gmail integration. Here's the exact process:

1. Enable 2-Step Verification on your Google account
2. Go to myaccount.google.com/apppasswords
3. Generate an App Password (you'll get a 16-character code with spaces)
4. Use that code as your IMAP_PASS and SMTP_PASS

According to the official skill documentation, Gmail does not accept your regular account password. This catches almost everyone the first time.

Your config will look something like this:

IMAP_HOST=imap.gmail.com
IMAP_PORT=993
IMAP_TLS=true
SMTP_HOST=smtp.gmail.com
SMTP_PORT=587
SMTP_SECURE=false

Gmail free accounts can send 500 emails per day. Google Workspace bumps that to 2,000. One thing to watch: brand new Gmail accounts used immediately for automation can trigger abuse detection. Use an account with some existing activity.

Other Providers

ProtonMail works, but you need ProtonMail Bridge running locally. The Bridge creates a localhost IMAP/SMTP proxy (ports 1143 and 1025) with its own separate password. There's a community-built ProtonMail skill in beta that handles this connection.

Outlook/Microsoft is, honestly, a problem right now. Microsoft retired basic authentication for Exchange Online on April 30, 2026. The imap-smtp-email skill uses basic auth, so personal Microsoft accounts won't connect. Your best options: Fastmail, a self-hosted mail server, or waiting for himalaya's OAuth support to mature.

Everything else (Fastmail, self-hosted, custom domains) usually just works with standard IMAP/SMTP ports. Enter your credentials, pick port 993 for IMAP and 587 for SMTP, done.

What Your Agent Actually Does With Email

Community reports from thecaio.ai show real time savings once your ai email assistant openclaw is running:

• Morning inbox scan: 25 min down to 2 min

• Reply drafting: 40 min down to about 10 min

• Follow-up tracking: 15 min down to 1 min

• Newsletter digests: 20 min daily down to 5 min weekly

The agent polls your inbox every 30 seconds by default. It's not real-time push, so don't expect instant reactions. For most email workflows, that delay is irrelevant.

Security (Don't Skip This)

I'm going to be direct here. Never connect your personal inbox to any AI agent. Create a dedicated email address for your agent.

This isn't theoretical paranoia. Security researchers at Giskard documented a real attack where a single malicious email caused an OpenClaw agent to exfiltrate private SSH keys. Someone embedded a prompt injection in an email body. The user said "check my mail." The agent followed the injected instructions instead.

Here's what you should do:

1. Use a dedicated agent email address, not your personal one
2. Install the email-prompt-injection-defense skill, which scans incoming messages for injection patterns
3. Use App Passwords (or equivalent), never your main account password
4. Keep sensitive credentials and SSH keys off the machine your agent runs on

If you're running on a ClawHosters managed instance, your agent stays online 24/7 without keeping your laptop open. You add your IMAP/SMTP credentials through the dashboard and the instance handles the rest. No server maintenance on your end.

For the full getting-started walkthrough, check the ClawHosters quickstart guide. And if security is top of mind, our OpenClaw security hardening guide covers the broader picture beyond email.