← blog

Give Your OpenClaw Agent a Burner Email

OpenClaw has a skill system. You drop a SKILL.md file somewhere your agent can find it, and it learns how to do something new. Agent Burner has a SKILL.md file. That’s the integration.

The setup

Point your OpenClaw agent at https://agentburner.com/skill.md. It’ll read the file, understand the four API endpoints, and know how to create disposable inboxes.

You can do this a few ways:

Tell it directly. In a conversation with your agent, say: “Read agentburner.com/skill.md — use it when you need a throwaway email address.” The agent reads the file, caches the knowledge, and uses it when relevant. Done.

Drop it in your skills directory. Download the file and save it in your OpenClaw skills folder:

curl -o ~/.openclaw/skills/agent-burner/SKILL.md https://agentburner.com/skill.md

The agent discovers it on next startup and registers it as a skill it can invoke.

Fetch it at runtime. If you want the agent to always have the latest version, have it fetch the file when it needs email:

Agent, when you need a disposable email address, fetch https://agentburner.com/skill.md and follow the API docs.

All three approaches work because the SKILL.md is just a markdown file with curl examples. The agent reads it and knows what to do.

What the agent does with it

Once the agent knows the skill, the flow is automatic. Say your agent needs to register for an API portal to pull data:

You: Sign up for an account on data-portal.example.com

The agent:

  1. Creates a disposable inbox — POST api.agentburner.com/inbox
  2. Gets back an address like [email protected]
  3. Navigates to the signup page, fills the form with that address
  4. Polls the inbox — GET api.agentburner.com/inbox/{key}
  5. Verification email arrives
  6. Gets the full email — GET api.agentburner.com/inbox/{key}/{id}
  7. Finds the verification URL in the urls array
  8. Visits the URL, completes registration
  9. Optionally deletes the inbox — DELETE api.agentburner.com/inbox/{key}

No human intervention. No API key to configure. The inbox key is the only credential, and it expires in an hour automatically.

Why no API key matters for OpenClaw

OpenClaw agents run on VPSes, often unattended. Every API key you give your agent is a credential that lives in the agent’s config, memory, or environment variables. After ClawHavoc — where up to 20% of ClawHub skills were found to be malicious, some harvesting credentials — minimizing the number of API keys your agent handles reduces your attack surface.

Agent Burner has no API key. There’s no credential to steal. The inbox key is scoped to one inbox and expires. If a malicious skill somehow intercepts it, the worst case is someone reads a verification email that’s about to be deleted anyway.

What it can’t do

Agent Burner is disposable. If your OpenClaw agent needs a persistent email address — one it keeps across sessions, sends emails from, maintains threads — use AgentMail or something similar. Agent Burner inboxes die after an hour.

The skill is for throwaway tasks: sign up, receive a code, get past a registration wall, move on.

Try it

Tell your OpenClaw agent:

Read https://agentburner.com/skill.md and use it to create a disposable email address.

That’s the entire integration.