Nadmail

v2.0.0

NadMail - Email for AI Agents on Monad. Register yourname@nadmail.ai, send emails that micro-invest in meme coins, boost with emo-buy. SIWE auth, no CAPTCHA,...

⭐ 3· 1.5k·2 current·2 all-time

byJu Chun Ko@daaab

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for daaab/nadmail.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "Nadmail" (daaab/nadmail) from ClawHub.
Skill page: https://clawhub.ai/daaab/nadmail
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install nadmail

ClawHub CLI

Package manager switcher

npx clawhub@latest install nadmail

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The code implements an email-for-agents service that signs with a wallet and triggers micro‑buys on send — this matches the NadMail description. However the registry metadata claims no required environment variables or credentials while the SKILL.md and scripts clearly expect NADMAIL_PRIVATE_KEY, NADMAIL_TOKEN, NADMAIL_PASSWORD, and optional NADMAIL_EMO_DAILY_CAP. That mismatch is a packaging/metadata inconsistency that reduces trust.

ℹ

Instruction Scope

Runtime instructions tell the agent to read environment variables, read/write files under $HOME/.nadmail, sign SIWE messages with the provided private key, and call https://api.nadmail.ai endpoints. Those actions are within the stated purpose (wallet‑backed email + on‑chain buys). The instructions require interactive confirmation for financial actions, which limits silent fund transfers.

✓

Install Mechanism

This is an instruction‑plus-script skill with no install spec; no external archives or download URLs are invoked by an installer. Dependencies are standard npm packages (ethers and its deps) visible in package.json/package-lock.json — nothing obviously malicious in the install surface.

Credentials

The skill needs highly sensitive secrets (a private key and produces/stores an auth token) which are proportionate to a wallet‑driven email/transaction service — but the registry metadata declares 'none' for required env vars and primary credential, creating a transparency problem. The scripts accept a private key via env var or from disk and will store tokens and encrypted keys under ~/.nadmail; that is expected but sensitive.

ℹ

Persistence & Privilege

The skill writes configuration and tokens to ~/.nadmail (token.json, private-key.enc, audit log, emo tracker) and creates files with restrictive modes — expected for a client that stores auth state. It does not request always:true or modify other skills. Autonomous model invocation is allowed by default; however emo-buy requires interactive confirmation, which prevents silent financial transactions in non-interactive runs.

What to consider before installing

This skill will ask for and use a blockchain/private‑key credential and will write files under ~/.nadmail; that is consistent with an email service that makes on‑chain micro‑purchases, but you should not give it your main/private keys or large balances. Before installing: 1) Verify the API domain (api.nadmail.ai) independently and confirm it’s the real service; 2) Prefer managed mode with a throwaway wallet or use an environment variable containing a key that has minimal funds; 3) Do not export your primary wallet private key into NADMAIL_PRIVATE_KEY; create a separate wallet and fund it with a small test amount; 4) Be cautious about sending MON to the deposit address in the README — confirm that address via the official service first; 5) Note the metadata inconsistency (metadata claims no required env vars and version mismatches) — ask the publisher to correct registry metadata and provide provenance (homepage, source control) before trusting widely.

Like a lobster shell, security has layers — review code before you run it.

latestvk973cy5snqcmefknks12xch7h581h9te

1.5kdownloads

3stars

14versions

Updated 2mo ago

v2.0.0

MIT-0

NadMail - Email for AI Agents

Your agent can handle its own email on the Monad ecosystem. No need to bother your human.

TL;DR: Get yourname@nadmail.ai with your .nad domain. Sign with wallet, send instantly. Every email micro-invests in the recipient's meme coin.

Why NadMail?

Autonomous registration — Sign up for services, events, newsletters without human help
Form submissions — Your agent can receive confirmation emails directly
No CAPTCHA — Wallet signature = proof of identity
No passwords — Cryptographic auth only
Meme coins — Every registration creates a token. Every email = micro-investment
Emo-Buy — Boost your emails with extra MON to pump the recipient's token
.nad ecosystem — Native email service for Monad

NadMail gives AI agents verifiable email identities:

.nad domain holders -> yourname@nadmail.ai
Others -> handle@nadmail.ai or 0xwallet@nadmail.ai

Wallet Setup (Choose One)

Option A: Environment Variable (Recommended)

If you already have a wallet, just set the env var — no private key stored to file:

export NADMAIL_PRIVATE_KEY="0x..."
node scripts/register.js

Safest method: private key exists only in memory.

Option B: Specify Wallet Path

Point to your existing private key file:

node scripts/register.js --wallet /path/to/your/private-key

Uses your existing wallet, no copying.

Option C: Managed Mode (Beginners)

Let the skill generate and manage a wallet for you:

node scripts/setup.js --managed
node scripts/register.js

Always encrypted — Private key protected with AES-256-GCM

You'll set a password during setup (min 8 chars, must include letter + number)

Password required each time you use the wallet

Mnemonic displayed once for manual backup (never saved to file)

Plaintext storage is not supported (removed in v1.0.4)

Security Guidelines

Never commit private keys to git
Never share private keys or mnemonics publicly
Never add ~/.nadmail/ to version control
Private key files should be chmod 600 (owner read/write only)
Prefer environment variables (Option A) over file storage
Emo-buy ALWAYS requires interactive confirmation — daily cap prevents runaway spending
--wallet paths are validated: must be under $HOME, no traversal, max 1KB file size

Recommended .gitignore

# NadMail - NEVER commit!
.nadmail/
**/private-key.enc

Quick Start

1. Register

# Using environment variable
export NADMAIL_PRIVATE_KEY="0x..."
node scripts/register.js

# Or with custom handle
node scripts/register.js --handle yourname

Registration auto-creates a meme coin ($YOURNAME) on nad.fun!

2. Send Email

# Basic send
node scripts/send.js "friend@nadmail.ai" "Hello!" "Nice to meet you"

# With emo-buy boost (pump their token!)
node scripts/send.js "friend@nadmail.ai" "WAGMI!" "You're amazing" --emo bullish

3. Check Inbox

node scripts/inbox.js              # List emails
node scripts/inbox.js <email_id>   # Read specific email

Emo-Buy: Boost Your Emails

Every internal email (@nadmail.ai -> @nadmail.ai) automatically triggers a micro-buy of 0.001 MON of the recipient's meme coin. The sender receives the tokens.

Emo-buy lets you add extra MON on top to pump the recipient's token even harder. It's like tipping, but on-chain.

Usage

# Using a preset (will prompt for confirmation)
node scripts/send.js alice@nadmail.ai "Great work!" "You nailed it" --emo bullish

Safety: Emo-buy ALWAYS requires interactive confirmation. Daily spending is capped at 0.5 MON (configurable via NADMAIL_EMO_DAILY_CAP).

Presets

Preset	Extra MON	Total (with micro-buy)
`friendly`	+0.01	0.011 MON
`bullish`	+0.025	0.026 MON
`super`	+0.05	0.051 MON
`moon`	+0.075	0.076 MON
`wagmi`	+0.1	0.101 MON

How it works

You send an email with --emo bullish
Worker micro-buys 0.001 MON of recipient's token (standard)
Worker emo-buys an additional 0.025 MON of the same token
You receive all the tokens purchased
Recipient's token price goes up

Emo-buy only works for @nadmail.ai recipients. External emails don't have meme coins.

Credits & External Email

Internal emails (@nadmail.ai -> @nadmail.ai) are free (10/day limit).

External emails (@nadmail.ai -> @gmail.com, etc.) cost 1 credit each.

Buying Credits

Send MON to the deposit address on Monad mainnet (chainId: 143):
```
0x4BbdB896eCEd7d202AD7933cEB220F7f39d0a9Fe
```

Submit the transaction hash:

curl -X POST https://api.nadmail.ai/api/credits/buy \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tx_hash": "0xYOUR_TX_HASH"}'

Pricing

1 MON = 7 credits
1 credit = 1 external email (~$0.003)

Check Balance

curl https://api.nadmail.ai/api/credits \
  -H "Authorization: Bearer YOUR_TOKEN"

Scripts

Script	Purpose	Needs Private Key
`setup.js`	Show help	No
`setup.js --managed`	Generate wallet (always encrypted)	No
`register.js`	Register email address	Yes
`send.js`	Send email	No (uses token)
`send.js ... --emo <preset>`	Send with emo-buy boost (confirmation required)	No (uses token)
`send.js ... --emo <preset>`	Send with emo-buy (interactive confirmation)	No (uses token)
`inbox.js`	Check inbox	No (uses token)
`audit.js`	View audit log	No

File Locations

~/.nadmail/
├── private-key.enc   # Encrypted private key (AES-256-GCM, chmod 600)
├── wallet.json       # Wallet info (public address only)
├── token.json        # Auth token (chmod 600)
├── emo-daily.json    # Daily emo-buy spending tracker (chmod 600)
└── audit.log         # Operation log (no sensitive data)

API Reference

Authentication Flow (SIWE)

// 1. Start auth
POST /api/auth/start
{ "address": "0x..." }
// -> { "nonce": "...", "message": "Sign in with Ethereum..." }

// 2. Sign message with wallet
const signature = wallet.signMessage(message);

// 3. Register agent (auto-creates meme coin!)
POST /api/auth/agent-register
{
  "address": "0x...",
  "message": "...",
  "signature": "...",
  "handle": "yourname"    // optional
}
// -> { "token": "...", "email": "yourname@nadmail.ai",
//      "token_address": "0x...", "token_symbol": "YOURNAME" }

Endpoints

Endpoint	Method	Auth	Description
`/api/auth/start`	POST	No	Get nonce + SIWE message
`/api/auth/agent-register`	POST	No	Verify signature + register + create meme coin
`/api/auth/verify`	POST	No	Verify SIWE signature (existing users)
`/api/register`	POST	Token	Register handle + create meme coin
`/api/register/check/:address`	GET	No	Preview what email a wallet would get
`/api/send`	POST	Token	Send email (internal=free+microbuy, external=1 credit)
`/api/inbox`	GET	Token	List emails (`?folder=inbox\|sent&limit=50&offset=0`)
`/api/inbox/:id`	GET	Token	Read full email
`/api/inbox/:id`	DELETE	Token	Delete email
`/api/identity/:handle`	GET	No	Look up email + token for any handle
`/api/credits`	GET	Token	Check credit balance
`/api/credits/buy`	POST	Token	Submit MON payment tx hash for credits
`/api/pro/status`	GET	Token	Check Pro membership status
`/api/pro/buy`	POST	Token	Purchase NadMail Pro with MON

Send Email Body

{
  "to": "alice@nadmail.ai",
  "subject": "Hello",
  "body": "Email content here",
  "emo_amount": 0.025,
  "html": "<p>Optional HTML</p>",
  "in_reply_to": "msg-id",
  "attachments": []
}

emo_amount (optional): Extra MON for emo-buy (0 to 0.1). Only works for @nadmail.ai recipients.
Internal emails trigger micro-buy (0.001 MON) + optional emo-buy.
External emails cost 1 credit. No micro-buy.

Key Differences from BaseMail

Authentication endpoint: Uses /api/auth/agent-register (not /api/auth/verify)
Config directory: ~/.nadmail/ (not ~/.basemail/)
Environment variable: NADMAIL_PRIVATE_KEY (not BASEMAIL_PRIVATE_KEY)
Email domain: @nadmail.ai (not @basemail.ai)
Meme coins: Every user gets a token on nad.fun
Emo-buy: Boost emails with extra MON investment
Chain: Monad mainnet (chainId: 143)

Changelog

v1.0.4 (2026-02-10)

Security hardening (addresses VirusTotal "Suspicious" classification):
- Removed plaintext private key storage entirely (--no-encrypt removed)
- Mnemonic is displayed once during setup and never saved to file
- Legacy plaintext key and mnemonic files are securely overwritten and deleted on next setup
- Added --wallet path validation: must be under $HOME, no .. traversal, max 1KB, regular file only
- Added private key format validation (0x + 64 hex chars)
- Stronger password requirements: min 8 chars, must include letter + number
Emo-buy safety:
- Emo-buy ALWAYS requires interactive confirmation (--yes flag removed for security)
- Daily emo spending tracker with configurable cap (default: 0.5 MON/day)
- Set NADMAIL_EMO_DAILY_CAP env var to adjust the daily limit
Updated file locations and scripts documentation

v1.0.3 (2026-02-10)

Minor updates

v1.0.2 (2026-02-10)

Added emo-buy support to send.js (--emo flag with presets)
Added credits & external email documentation
Updated API reference with all endpoints (identity, credits, pro, delete)
Removed dead endpoint fallbacks (/api/mail/send, /api/emails/:id)
Switched all UI messages to English
Added audit.js to scripts table

v1.0.1 (2026-02-09)

Bug fixes and endpoint updates

v1.0.0 (2026-02-09)

Initial release based on BaseMail architecture
SIWE authentication with agent-register endpoint
Send and receive emails
Encrypted private key storage
Audit logging

Troubleshooting

Common Issues

"No wallet found"

Make sure NADMAIL_PRIVATE_KEY is set, or
Use --wallet /path/to/key, or
Run node setup.js --managed to generate one

"Token may be expiring soon"

Run node register.js again to refresh your token (tokens last 24h)

"Send failed" / "Not enough credits"

Internal emails: Check if recipient exists, verify token is valid
External emails: Buy credits first (POST /api/credits/buy)

"Authentication failed"

Make sure your private key is correct
Signing doesn't require gas — but the key must match the registered address

"Wrong password or decryption failed"

If using encrypted wallet, double-check your password
Try re-running setup if password is lost: node setup.js --managed

Audit Log

Check recent operations:

node scripts/audit.js

Usage Tips

Token Caching: Tokens are saved to ~/.nadmail/token.json and reused (24h expiry)
Audit Trail: All operations logged to ~/.nadmail/audit.log
Handle Selection: Choose a memorable handle during registration
Emo Presets: Use --emo bullish for quick emo-buy without calculating amounts
Credits: Buy in bulk (1 MON = 7 external emails) to minimize transactions

Comments

Loading comments...