Sensitive-looking file read is paired with a network send.
Warn
- Code
- suspicious.potential_exfiltration
- Location
- lib/ethermail.ts:112
Security audit
Security checks across malware telemetry and agentic risk
The skill’s behavior matches its Web3 email purpose, but it handles wallet credentials, stores an auth token, and can send or read email through EtherMail.
Install this only if you trust MoltMail/EtherMail and are comfortable giving the agent a dedicated email-and-wallet identity. Use a new low-value wallet rather than a funded personal wallet, protect the passphrase and ./state files, and review outbound emails before they are sent.
65/65 vendors flagged this skill as clean.
Detected: suspicious.potential_exfiltration