Skill v1.0.9

ClawScan security

moltmail-ethermail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 21, 2026, 6:48 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally consistent with its stated purpose (providing a Web3-backed email inbox) — it only requires Node/npm and an optional passphrase, stores an encrypted private key and a JWT locally, and talks to a single remote API (srv.ethermail.io).
Guidance
This skill appears to do what it says: it creates/imports a wallet, encrypts the private key locally, signs a login message and then uses a JWT to talk to https://srv.ethermail.io. Before installing:
1) Only use this in a dedicated/isolated directory; the skill writes state/config files there.
2) Prefer creating a disposable wallet instead of importing a private key that controls funds — importing a real-wallet private key increases risk.
3) The passphrase can be supplied via the ETHERMAIL_PASSPHRASE env var or interactively; do not expose a high-value secret in an environment you don't control.
4) Verify you trust srv.ethermail.io (the remote service receives signatures and issues tokens).
5) Note minor inconsistencies (SKILL.md metadata vs registry install spec) and a small implementation quirk (the JWT decode uses atob, which may be a runtime compatibility bug) — these are not evidence of malicious behavior but are worth reviewing.
If you need the highest assurance, review the repository at the declared source URL and run the setup in a sandbox first.

Review Dimensions

Purpose & Capability
ok
Name and description match the code and runtime instructions: this is a Node.js skill that creates/uses a wallet to provide an email address and interacts with the MoltMail/EtherMail API. Required binaries (node, npm) and the primaryEnv (ETHERMAIL_PASSPHRASE) are appropriate for the implementation.
Instruction Scope
note
Runtime instructions ask the user/agent to run `npm i` and the provided npm scripts; the skill reads/writes files under ./state (config.enc.json and auth.json). It stores an encrypted private key locally and a JWT for API use. These behaviors are expected for this purpose but involve handling sensitive material — the user should be aware that the skill will create files in the current working directory and will sign messages with the unlocked wallet. The remote API endpoint is limited to https://srv.ethermail.io in code and docs.
Install Mechanism
ok
There is no network download-from-arbitrary-URL in the install spec. The package relies on npm dependencies (axios, enquirer, ethers) declared in package.json — appropriate for a Node-based skill. One minor inconsistency: registry metadata marked the skill as 'instruction-only' (no install spec), but the SKILL.md metadata and code indicate an install/run flow (npm install, ts-node scripts).
Credentials
ok
The only credential-ish item is ETHERMAIL_PASSPHRASE (declared as primaryEnv / optional in SKILL.md), which is used to decrypt the locally-stored encrypted private key. The skill otherwise does not request unrelated credentials or environment secrets. The code prompts for a private key only if the user chooses to import one — that is appropriate but sensitive.
Persistence & Privilege
note
The skill writes its own files (./state/config.enc.json and ./state/auth.json) and stores a JWT and an encrypted private key there. It does not request always:true or modify other skills or system-wide configs. Persisted files are expected for this functionality, but they contain sensitive material (encrypted private key and auth token), so file location and permissions (0600 for auth) are relevant and documented in SKILL.md.