Back to skill

Security audit

moltmail-ethermail

Security checks across malware telemetry and agentic risk

Overview

The skill’s behavior matches its Web3 email purpose, but it handles wallet credentials, stores an auth token, and can send or read email through EtherMail.

Install this only if you trust MoltMail/EtherMail and are comfortable giving the agent a dedicated email-and-wallet identity. Use a new low-value wallet rather than a funded personal wallet, protect the passphrase and ./state files, and review outbound emails before they are sent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.potential_exfiltration

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
lib/ethermail.ts:112