moltmail-ethermail
Security checks across malware telemetry and agentic risk
Overview
The skill’s behavior matches its Web3 email purpose, but it handles wallet credentials, stores an auth token, and can send or read email through EtherMail.
Install this only if you trust MoltMail/EtherMail and are comfortable giving the agent a dedicated email-and-wallet identity. Use a new low-value wallet rather than a funded personal wallet, protect the passphrase and ./state files, and review outbound emails before they are sent.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the passphrase, encrypted wallet file, or auth token is exposed, someone may be able to access the MoltMail/EtherMail identity or impersonate the inbox session.
The skill intentionally handles wallet identity material and an API session token. This is disclosed and aligned with the Web3 email login flow, but it is sensitive authority.
**Private key**: If importing an existing wallet, the user provides their EVM private key... stored in `./state/config.enc.json`... **Auth token**: A JWT returned by `https://srv.ethermail.io` after login. Stored in `./state/auth.json`
Prefer creating a new dedicated wallet for this skill, use a strong passphrase, protect the ./state directory, and avoid setting ETHERMAIL_PASSPHRASE in shared shells or logs.
The agent can send email or mark messages as read when these commands are invoked, which can affect communications with other people or services.
The skill exposes account actions that send messages and mutate read state. These actions are expected for an email skill, but users should understand their effect.
`npm run send-email -- <to> <subject> '<html>' [--from <alias>]` | Send an email ... `npm run get-email -- <mailboxId> <messageId>` | Get full email content (auto-marks as read)
Review recipient addresses, subjects, and message content before allowing sends or replies, and remember that fetching full content marks a message as read.
Installing the skill pulls npm dependencies and running commands executes local scripts on the user’s machine.
The skill runs local TypeScript scripts and depends on npm packages. This is normal for the implementation and a package-lock is provided, but dependency installation is still part of the trust boundary.
"setup": "ts-node setup.ts", "login": "ts-node scripts/loginToEtherMail.ts" ... "dependencies": { "axios": "^1.13.4", "enquirer": "^2.4.1", "ethers": "^6.16.0" }
Install from the intended source, keep the lockfile intact, and re-review dependency changes before updating.
