BaseMail - Onchain Email for AI Agents on Base
Pass
Audited by ClawScan on May 10, 2026.
Overview
BaseMail's code matches its stated purpose, but it uses a wallet private key for SIWE login and stores an email auth token locally, so users should use a dedicated low-risk wallet.
Install only if you are comfortable giving the agent a BaseMail email identity. Use a dedicated wallet with no funds, protect the ~/.basemail directory, do not commit token or key files, and consider requiring confirmation before the agent sends emails.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If you provide a funded or important wallet key, the agent process can use it for signing during registration.
The skill requires access to an Ethereum wallet private key for registration. This is disclosed and central to SIWE authentication, but wallet keys are high-impact credentials.
requires:
 bins: ["node"]
 env: ["BASEMAIL_PRIVATE_KEY"]
Use a dedicated wallet for BaseMail, preferably with no funds or unrelated permissions, and avoid reusing a primary wallet private key.
An enabled agent could send emails from the BaseMail identity if prompted or if it decides to use the skill.
The send script can send arbitrary recipient, subject, and body values to the BaseMail send endpoint. This is the advertised email function, but it is an external communication capability.
body: JSON.stringify({ to, subject, body: body || '' })
Review prompts and agent permissions carefully, and consider requiring user confirmation before sending important or sensitive emails.
Anyone who can read the token file may be able to access or send email for the BaseMail account until the token expires or is revoked.
After registration, the skill stores a bearer token under ~/.basemail/token.json for later send and inbox operations. This persistence is disclosed and file permissions are restricted, but the token is sensitive.
fs.writeFileSync(TOKEN_FILE, JSON.stringify(tokenData, null, 2), { mode: 0o600 });
Keep ~/.basemail private, do not sync or commit it, and delete or rotate the token if the machine or workspace is shared.
