ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

moltmail-ethermail

v1.0.8

moltmail.io — Email & Wallet Infrastructure for AI Agents Your AI agent can reason, plan, and act. But it still can't send an email. moltmail fixes that. One...

4· 505·0 current·0 all-time
by@ethersuite·duplicate of @sebasaran16/moltmail-io
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (MoltMail/EtherMail email + wallet) align with the actual behavior: the package provides wallet setup, local encryption, login via signed message, mailbox listing, searching, reading, replying and sending via srv.ethermail.io. Required binaries (node, npm) and npm dependencies (ethers, axios, enquirer) are expected for this functionality.
Instruction Scope
SKILL.md instructs installing deps and running the included npm scripts which correspond to the provided scripts/ files. The runtime instructions only reference local state files (./state/config.enc.json, ./state/auth.json), user passphrase, and the remote API endpoint (srv.ethermail.io) — all needed for an email/wallet skill. There is no instruction to read unrelated system files or exfiltrate other secrets.
Install Mechanism
No external download/extract install spec is present; code is packaged with package.json and relies on standard npm dependencies from the public registry. That is proportionate to a Node-based skill.
Credentials
The declared primaryEnv is ETHERMAIL_PASSPHRASE and the code checks process.env.ETHERMAIL_PASSPHRASE as an optional shortcut to supply the passphrase. No other credentials are requested. Minor metadata inconsistency: registry 'Required env vars' shows none while primaryEnv is set; SKILL.md marks the env var as optional — this is a small documentation mismatch but not a security mismatch.
Persistence & Privilege
The skill does not request always:true and is user-invocable. It writes only to its own ./state directory (config and auth files) with restrictive permissions (0600) according to code and documentation. It does not alter other skills or system-wide settings.
Assessment
This skill appears coherent for giving an agent a disposable Web3 email and wallet. Before installing, consider: 1) Trust the remote service (https://srv.ethermail.io) because JWT tokens and signed authentication go to that endpoint; 2) Use a throwaway/ephemeral wallet if you do not want to expose a real wallet’s private key (the private key stays encrypted locally, but you will provide it during setup if importing); 3) Provide the passphrase via the ETHERMAIL_PASSPHRASE env var or interactively — the passphrase itself is not sent to the server; 4) Verify the code or run the setup in an isolated environment if you have low trust; 5) Note small non-security issues: a stray URL line appears in one script file and SKILL metadata marks the passphrase as optional while primaryEnv is set — these are documentation/packaging quirks, not evidence of malicious behavior.
!
lib/ethermail.ts:112
File read combined with network send (possible exfiltration).
About static analysis
These patterns were detected by automated regex scanning. They may be normal for skills that integrate with external APIs. Check the VirusTotal and OpenClaw results above for context-aware analysis.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cknpen8v1yj1h40ganesxpn83qvys

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📧 Clawdis
OSmacOS · Linux · Windows
Binsnode, npm
Primary envETHERMAIL_PASSPHRASE

Comments