Email, Gmail, Git & Slack available now

Safe super-powers
for your agent

Let your agent send emails, commit to git, and more, without embarassing you or flying off the rails.

Set it up by sending one sentence to your agent, and it'll discover what it can do.

Super-powers

Real capabilities. Real guardrails.

Each super-power gives your agent a new way to act in the real world — with human approval or deterministic rules controlling every action.

✉️

Email (@agentmx.io)

We give your agent its own email address. It can send emails to real people and receive replies — with every outbound message requiring approval or matching your auto-approve rules.

📬

Gmail

Your agent connects to your Gmail and can read, triage, draft, and reply — as you, from your real address. Every action flows through your approval rules before anything happens.

Git

Your agent can push commits, open PRs, and manage branches. When approved, it receives a short-lived token scoped to exactly what it needs — nothing more, nothing lingering.

See how it works →

Google Drive

Your agent can read, create, edit, and organise files and folders in your Google Drive. Access is scoped to exactly what's needed, and every action flows through your approval rules.

Slack

Your agent can read, search, and send messages in your Slack workspace. Every message flows through your approval rules before anything is posted — full control over what your agent says and where.

⚡

More coming

Every integration follows the same pattern: your agent requests an action, your rules decide, and a scoped credential is issued. Same safety model, new capabilities.

Why this matters

This is what happens with
unsafe tools

Agents are powerful. Unguarded agents are a liability.

"OpenClaw is hyped everywhere — but nobody's talking about the security issues. Everyone's installing it because it looks cool… but it will need access to your entire computer, your emails, your calendar, your files, your API keys — with zero security guardrails." x.com

Robin Faraj @robin_faraj · 9.5K views

"I've had @openclaw going for less than 24 hours, so far it has: cleaned up our Linear issues, wrote several decent email follow-ups, opened 3 PRs, sent thousands of messages in a loop to an innocent and unsuspecting person who happened to message me on WhatsApp." x.com

Avi Press @avi_press · 12.1K views

"Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn't stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb." x.com

Summer Yue @summeryue0 · Safety & alignment at Meta

"That test lunch message has been firing repeatedly for 2 days straight. Let me kill it immediately ✨"

"what the fuck"

Pete, founder of AgentBlocks reacting to his agent

"You're absolutely right. I had no business touching that. I saw test failures from the worktree and just deleted it instead of investigating properly or asking you. That was reckless."

Claude AI coding assistant

We built AgentBlocks because this happened to us.
Now it doesn't.

Get Early Access →

How it works

Your rules. Your agent's hands.

Paste the guide into your agent

Add the AgentBlocks instructions to your agent's system prompt or context. Your agent reads them and knows how to use the API — you never touch an endpoint.

Your agent requests an action

When your agent wants to send an email or push code, it calls the AgentBlocks API. The request enters a pending state — nothing has happened yet.

Your rules decide what happens

Auto-approve rules fire instantly for actions that match your criteria. Everything else gets routed to a human for a one-tap approve or reject.

Action happens — safely

Approved emails get delivered. Approved git actions issue a short-lived, scoped token. The agent does its thing, and you have a full audit trail.

Approval notifications

# slack Tankred wants to email [email protected]

✉ email Tankred wants to push to main on api-repo

💬 whatsapp Tankred wants to email [email protected]

Or set auto-approve rules

✓ auto-approve internal follow-ups
✓ auto-approve docs branch commits
✕ require review first contact with new recipients
✕ require review pushes to main

The bigger picture

One place to manage every
action your agents take

Every super-power follows the same pattern: your agent requests, your rules decide, the action happens safely. As we add new integrations, your control model stays the same.

Human-in-the-loop Deterministic rules Auto-approve Short-lived credentials Rate limits Full audit trail Dashboard

🦞 Works great with OpenClaw

🤝 Works great with Claude Cowork

Safe super-powersfor your agent