Back to skill
Skillv1.1.0
VirusTotal security
Ethermail · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:31 AM
- Hash
- ebf3e8a523d9d07282764c8e0aa82f35c06387c4059977b03a07aa6f024ef289
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: ethermail Version: 1.1.0 The skill bundle is classified as benign. All files and instructions align with the stated purpose of accessing Web3 email via EtherMail using WalletConnect. While the skill involves high-risk capabilities like browser automation (`puppeteer` in `scripts/extract-wc-uri.js`) and interaction with a user's wallet (via the `walletconnect-agent` skill), these are necessary for its core functionality. The `SKILL.md` explicitly provides security notes advising against committing private keys, using environment variables, and utilizing the official `walletconnect-agent` skill. Furthermore, the changelog in `SKILL.md` highlights a security update that removed the `--no-sandbox` flag from Puppeteer, indicating a conscious effort towards secure practices. There is no evidence of data exfiltration, malicious execution, persistence, or prompt injection intended to subvert the agent's purpose.
- External report
- View on VirusTotal