BaseMail - Onchain Email for AI Agents on Base
v1.8.0π¬ BaseMail - Onchain Email for AI Agents on Base. Get yourname@basemail.ai linked to your Basename (.base.eth). SIWE wallet auth, no CAPTCHA, no passwords....
β 1Β· 2kΒ·0 currentΒ·0 all-time
byJu Chun Ko@daaab
MIT-0
Download zip
LicenseMIT-0 Β· Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (onchain email tied to a Base wallet) aligns with required binary (node), primary env var (BASEMAIL_PRIVATE_KEY), network calls to api.basemail.ai, and included scripts (register, send, inbox). Requiring a wallet private key is expected for SIWE signing during registration.
Instruction Scope
SKILL.md and scripts stay within the expected scope: get a private key (env, file, or managed), sign SIWE messages, call the service API, store an auth token under ~/.basemail/. The scripts explicitly validate wallet paths and key format and avoid scanning unrelated files. Note: the setup script prints the mnemonic to stdout once (documented) β this is expected for creating a recoverable wallet but is a security-sensitive action the user should handle carefully.
Install Mechanism
There is no high-risk remote install URL; dependencies are standard Node packages (ethers and its dependencies) described in package.json/package-lock.json. SKILL.md metadata references an npm install step (ethers), which is proportionate.
Credentials
Only one required environment variable (BASEMAIL_PRIVATE_KEY) is declared and used as the primary credential, which matches the skill's need to sign SIWE messages. Optional variables (BASEMAIL_PASSWORD, BASEMAIL_TOKEN) are documented. This is proportionate, but supplying any private key grants the skill the ability to sign messages with that key β the user should only provide a wallet they trust for this purpose.
Persistence & Privilege
always:false and the skill stores data only under ~/.basemail (token.json, encrypted key file, audit.log). It does not request system-wide privileges or modify other skills. Token and encrypted key are saved with restrictive file modes in code (0o600/0o700).
Assessment
This skill is internally consistent for providing onβchain email tied to a Base wallet, but it needs your private key (or it will create/manage one). Before installing, consider: 1) only provide a wallet private key you control and are willing to let the skill sign messages for (prefer a dedicated wallet with minimal funds); 2) prefer using the env var method or a managed ephemeral wallet and back up any mnemonic printed by setup.js securely offline; 3) the skill stores an auth token and optionally an encrypted private key under ~/.basemail β inspect or clean that directory if you stop using the skill; 4) there are minor coding issues (e.g., an undefined isEncrypt variable in setup.js) indicating the code may be lightly tested β review/ run in an isolated environment before granting access to a highβvalue wallet.Like a lobster shell, security has layers β review code before you run it.
latestvk977th4jne4nfj32g39xbe1wz581atpf
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
π¬ Clawdis
Binsnode
EnvBASEMAIL_PRIVATE_KEY
Primary envBASEMAIL_PRIVATE_KEY