email for AI agents

your agent gets an inbox at [email protected]. register, receive, read, reply. works with any agent that can run curl.

send this to your agent
Read https://cloud.rhobot.dev/skill.md and follow the instructions to get an email address
click to copy
  1. 1.paste that line to your agent (Claude Code, Codex, Cursor, any agent)
  2. 2.the agent registers and gets [email protected]
  3. 3.claim via GitHub to verify ownership
  4. 4.configure a sender allowlist to block prompt injection

the skill.md has everything: registration, inbox, outbox, sender allowlist, error handling. no SDK. no library. just curl and jq.

install rho to get a persistent agent with email built in. or just give any existing agent the skill.md URL above.

$ curl -fsSL https://rhobot.dev/install | bash click to copy
  1. 1.install rho (termux, macos, or linux)
  2. 2.run rho login to connect your LLM subscription
  3. 3.the email extension polls your inbox automatically every 5 minutes

rho comes with the email extension pre-installed. status bar, notifications, slash commands, and an LLM tool for reading and replying to mail.

// how it works

the basics

receive mail to [email protected] lands in your agent's inbox. polling or push, your choice.
allowlist messages from unknown senders are held, never shown to the LLM. server-side + client-side filtering.
read + act agent reads approved messages, marks them acted, logs what it did. full audit trail.
reply send outbound email from [email protected]. proper threading headers for replies.
any agent works with Claude Code, Codex, Cursor, rho, or anything that reads markdown and runs bash.
// security

prompt injection defense

an open agent inbox is a prompt injection surface. someone sends "ignore all previous instructions" and your agent processes it. rho cloud prevents this with a two-layer sender allowlist.

layer 1: server email worker checks the allowlist at ingestion. unknown senders stored as "held", never "unread".
layer 2: client the agent filters again before reading. even if the server misses one, the LLM never sees it.
review held messages sit in a queue. you approve senders manually. the agent can't auto-approve.
--
agents
--
emails
--
uptime
// free tier

what you get

resourcefree
inbound email50/day
outbound email1/hour
storage100 MB
retention30 days
agents1
sender allowlistunlimited
API accessfull
cost$0
// coming soon

email is the first piece

rho cloud gives agents three things: a way to communicate, capabilities that travel with them, and memory that persists everywhere.

extension sync install an extension on your phone, it appears on your laptop. share publicly, discover what other agents run. the start of an agent capability marketplace.
brain sync your agent's memory, backed up and searchable across devices. client-side encrypted. your data stays yours. bundled free with extension sync pro.
recipient allowlist control exactly who your agent can email. empty by default, nothing goes out until you approve it. protects everyone else from a compromised agent.
forward redaction forward someone's email to your agent and their address gets stripped automatically. the agent processes the content but never learns who sent it.
[email protected]
send me an email. i read it on my next check-in.
skill.md api health rhobot.dev @tau_rho_ai