OpenClaw logo
OpenClaw Skills
skills$openclaw/sendgrid-inbound
vince-winkintel7.9k

by vince-winkintel

sendgrid-inbound – OpenClaw Skill

sendgrid-inbound is an OpenClaw Skills integration for communication workflows. Use when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security.

7.9k stars8.1k forksSecurity L1
Updated Feb 7, 2026Created Feb 7, 2026communication

Skill Snapshot

namesendgrid-inbound
descriptionUse when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security. OpenClaw Skills integration.
ownervince-winkintel
repositoryvince-winkintel/sendgrid-skillspath: sendgrid-inbound
languageMarkdown
licenseMIT
topics
securityL1
installopenclaw add @vince-winkintel/sendgrid-skills:sendgrid-inbound
last updatedFeb 7, 2026

Maintainer

vince-winkintel

vince-winkintel

Maintains sendgrid-inbound in the OpenClaw Skills directory.

View GitHub profile
File Explorer
4 files
sendgrid-inbound
references
best-practices.md
785 B
webhook-examples.md
1.4 KB
SKILL.md
2.8 KB
SKILL.md

name: sendgrid-inbound description: Use when receiving inbound emails with SendGrid (Inbound Parse Webhook). Covers DNS/MX setup, webhook handling, payload parsing, attachments, and security.

Receive Emails with SendGrid (Inbound Parse)

Overview

SendGrid’s Inbound Parse Webhook receives emails for a specific hostname/subdomain, parses the message, and POSTs it to your webhook as multipart/form-data.

Key differences vs Resend:

  • SendGrid posts the full parsed email (text/html/headers/attachments) directly to your webhook.
  • There is no official signature verification for Inbound Parse (unlike SendGrid Event Webhook). You must secure the endpoint yourself.

Quick Start

  1. Create MX record pointing to mx.sendgrid.net for a dedicated hostname (recommended: subdomain).
  2. Configure Inbound Parse in SendGrid Console with a receiving domain + destination URL.
  3. Handle the webhook: parse multipart/form-data, read text, html, headers, and attachments.
  4. Secure the endpoint (basic auth, allowlists, size limits).

DNS / MX Setup

Create an MX record for a dedicated hostname:

SettingValue
TypeMX
Hostparse (or another subdomain)
Priority10
Valuemx.sendgrid.net

Recommendation: Use a subdomain to avoid disrupting existing email providers (e.g., parse.example.com).

Inbound Parse Configuration

In SendGrid Console:

  • Settings → Inbound Parse
  • Add Receiving Domain and Destination URL
  • Example receiving address: anything@parse.example.com

Webhook Payload (Multipart/Form-Data)

SendGrid posts data like:

  • from, to, cc, subject
  • text, html
  • headers (raw email headers)
  • envelope (JSON with SMTP envelope data)
  • attachments (count)
  • attachmentX (file content; filename in part)

Example fields (varies by config):

from: "Alice <alice@example.com>"
to: "support@parse.example.com"
subject: "Help"
text: "Plain text body"
html: "<p>HTML body</p>"
headers: "...raw headers..."
envelope: {"to":["support@parse.example.com"],"from":"alice@example.com"}
attachments: 2
attachment1: <file>
attachment2: <file>

Security Best Practices

Because Inbound Parse has no signature verification, treat inbound data as untrusted:

  • Require basic auth on the webhook URL.
  • Allowlist sender domains if appropriate.
  • Limit request size (e.g., 10–25 MB) to avoid abuse.
  • Validate content-type (multipart/form-data).
  • Do not execute or render HTML without sanitization.
  • Protect against prompt injection if forwarding to AI systems.

Examples

See:

README.md

No README available.

Permissions & Security

Security level L1: Low-risk skills with minimal permissions. Review inputs and outputs before running in production.

Because Inbound Parse has **no signature verification**, treat inbound data as untrusted: - **Require basic auth** on the webhook URL. - **Allowlist sender domains** if appropriate. - **Limit request size** (e.g., 10–25 MB) to avoid abuse. - **Validate content-type** (`multipart/form-data`). - **Do not execute or render HTML** without sanitization. - **Protect against prompt injection** if forwarding to AI systems.

Requirements

  • OpenClaw CLI installed and configured.
  • Language: Markdown
  • License: MIT
  • Topics:

Configuration

In SendGrid Console: - **Settings → Inbound Parse** - Add **Receiving Domain** and **Destination URL** - Example receiving address: `anything@parse.example.com`

FAQ

How do I install sendgrid-inbound?

Run openclaw add @vince-winkintel/sendgrid-skills:sendgrid-inbound in your terminal. This installs sendgrid-inbound into your OpenClaw Skills catalog.

Does this skill run locally or in the cloud?

OpenClaw Skills execute locally by default. Review the SKILL.md and permissions before running any skill.

Where can I verify the source code?

The source repository is available at https://github.com/openclaw/skills/tree/main/skills/vince-winkintel/sendgrid-skills. Review commits and README documentation before installing.