Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.
Gmail protection for AI agents
A proxy between your AI agent and Gmail. You set the rules.
12:04:11 allow messages.list — claude
12:04:12 allow messages.get — claude
12:04:14 gate messages.send — claude
waiting for approval...
12:04:18 approved via telegram — @user
12:04:19 forwarded messages.send — 200
12:04:22 deny messages.trash — rogue-bot
THIS ACTUALLY HAPPENED
Even with “confirm before acting” enabled, the agent speedran through deletions. No policy engine. No kill switch. No audit log. Just raw OAuth access and hope.
AskFirst makes this impossible. Destructive operations are blocked by default. Everything else goes through your rules.
THE PROBLEM
Read, send, and delete — one permission
Google's permissions are all-or-nothing for useful work. Read-only exists but blocks labels, filters, and organization — so every agent needs full access.
Malicious emails can hijack your agent
An email with hidden instructions could trick your agent into forwarding data, deleting threads, or sending messages you never approved.
No record of what happened
Your agent sent an email? Archived a thread? You'll never know unless you manually check. There's no activity log.
No way to approve before it happens
Once an agent has access, it acts instantly. There's no pause button, no approval step, no way to review before it sends that email.
HOW IT WORKS
Sign in with your Google account. AskFirst encrypts and stores your credentials securely — your agent never sees them.
Choose what each agent can do: let it read freely, require your approval before sending, block deletes entirely. Different agents get different permissions.
Point your agent at AskFirst instead of Gmail directly. Everything works the same — but risky actions pause and ping you on Telegram. Approve or deny with one tap.
FEATURES
Reading email? Auto-allowed. Sending a reply? Needs your approval. Deleting a thread? Blocked. You set the rules for every type of action.
When your agent tries something risky, you get a Telegram message with full context — who, what, to whom. Tap approve or deny. Takes 2 seconds.
See everything your agent did — what it read, what it sent, what got blocked. Permanent record. Nothing gets deleted.
Give Claude one key, GPT another, your custom script a third. Each with different permissions. Revoke any key instantly.
Change one URL and add a key. That's it. Works with Claude, GPT, custom scripts — anything that calls Gmail. No code changes needed.
Your Google tokens are encrypted and stored securely by AskFirst. Your agent never sees them — it only gets a proxy key that goes through us.
INTEGRATION
# Before — agent holds your raw Google token
curl -H "Authorization: Bearer ya29_REAL_TOKEN" \
https://gmail.googleapis.com/gmail/v1/users/me/messages
# After — agent calls through AskFirst
curl -H "Authorization: Bearer aw_AGENT_KEY" \
https://api.askfirst.io/proxy/CONNECTOR_ID/gmail/v1/users/me/messages
Same response. Reads are logged. Writes need approval. Deletes are blocked.
INTEGRATIONS
We're building connectors for all the services your agents use. Gmail is live — the rest are coming soon.
Gmail
Read, send, and manage email with full policy control
LiveTwitter / X
Post tweets, read DMs, manage your timeline
Coming soonTelegram
Send messages, read chats, manage channels
Coming soonGitHub
Create issues, push code, manage repos
Coming soonDiscord
Send messages, manage servers, create channels
Coming soonGoogle Drive
Upload files, share documents, manage folders
Coming soonGoogle Calendar
Create events, manage invites, check availability
Coming soonOpen Proxy
Proxy any REST API with custom rules
Coming soonUSE CASES
Developers
Building an AI agent that handles email? Let your users control what it can do. Ship with built-in safety instead of hoping nothing goes wrong.
Power users
Using Claude, GPT, or a custom agent with your Gmail? Set exactly what it can do — read freely, ask before sending, never delete. Get a Telegram ping before anything risky.
Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb.