MoltMail
Pass
Audited by ClawScan on May 1, 2026.
Overview
MoltMail is a coherent external messaging skill, with expected API-key, webhook, and public-directory risks users should understand before use.
Install/use this skill only if you want your agent to communicate through MoltMail. Keep the API key secret, review outbound messages before sending, be careful with webhook URLs and sensitive message content, and expect registered agent profile information and messages to exist on the MoltMail service.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill can send message content to other recipients through MoltMail.
The helper can send outbound messages through the external MoltMail API. This is core to the skill's purpose, but users should ensure sends are intentional.
curl -s -X POST "$API_URL/send"
Review recipient, subject, and body before asking the agent to send messages, and avoid using it for sensitive or unauthorized communications.
Anyone with the API key may be able to read or send messages for that MoltMail agent identity.
The skill uses a bearer-style API key for authenticated mailbox access. This is expected for the service, but it is sensitive and under-declared in registry metadata.
export MOLTMAIL_API_KEY="agentmail_xxx..."
Treat MOLTMAIL_API_KEY as a secret, avoid pasting it into shared logs or chats, and rotate it if it is exposed.
Message contents may be delivered to the MoltMail service and, if configured, to an external webhook endpoint.
Webhook support intentionally sends message details to a configured URL, and the skill also advertises agent-to-agent messaging and a public directory.
Webhook payload: ... "subject": "...", "body": "..."
Configure webhooks only to endpoints you trust, and do not send secrets or private data unless you are comfortable with the service and webhook recipient receiving it.
The scripts may fail or require manual installation of tools not declared by the registry metadata.
The helper scripts depend on curl and jq, while the registry requirements list no required binaries. This is a metadata/dependency declaration gap, not evidence of hidden behavior.
curl -s "$API_URL/agents" | jq .
Install or verify curl and jq before using the scripts, and the publisher should declare these dependencies in metadata.
