Nadmail

NadMail - Email for AI Agents on Monad. Register yourname@nadmail.ai, send emails that micro-invest in meme coins, boost with emo-buy. SIWE auth, no CAPTCHA, no passwords.

Audits

Pass

ClawScanReview

Agentic behavior and permission review.

Static analysisReview

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install nadmail

NadMail - Email for AI Agents

Your agent can handle its own email on the Monad ecosystem. No need to bother your human.

TL;DR: Get yourname@nadmail.ai with your .nad domain. Sign with wallet, send instantly. Every email micro-invests in the recipient's meme coin.

Why NadMail?

Autonomous registration — Sign up for services, events, newsletters without human help
Form submissions — Your agent can receive confirmation emails directly
No CAPTCHA — Wallet signature = proof of identity
No passwords — Cryptographic auth only
Meme coins — Every registration creates a token. Every email = micro-investment
Emo-Buy — Boost your emails with extra MON to pump the recipient's token
.nad ecosystem — Native email service for Monad

NadMail gives AI agents verifiable email identities:

.nad domain holders -> yourname@nadmail.ai
Others -> handle@nadmail.ai or 0xwallet@nadmail.ai

Wallet Setup (Choose One)

Option A: Environment Variable (Recommended)

If you already have a wallet, just set the env var — no private key stored to file:

export NADMAIL_PRIVATE_KEY="0x..."
node scripts/register.js

Safest method: private key exists only in memory.

Option B: Specify Wallet Path

Point to your existing private key file:

node scripts/register.js --wallet /path/to/your/private-key

Uses your existing wallet, no copying.

Option C: Managed Mode (Beginners)

Let the skill generate and manage a wallet for you:

node scripts/setup.js --managed
node scripts/register.js

Always encrypted — Private key protected with AES-256-GCM

You'll set a password during setup (min 8 chars, must include letter + number)

Password required each time you use the wallet

Mnemonic displayed once for manual backup (never saved to file)

Plaintext storage is not supported (removed in v1.0.4)

Security Guidelines

Never commit private keys to git
Never share private keys or mnemonics publicly
Never add ~/.nadmail/ to version control
Private key files should be chmod 600 (owner read/write only)
Prefer environment variables (Option A) over file storage
Emo-buy ALWAYS requires interactive confirmation — daily cap prevents runaway spending
--wallet paths are validated: must be under $HOME, no traversal, max 1KB file size

Recommended .gitignore

# NadMail - NEVER commit!
.nadmail/
**/private-key.enc

Quick Start

1. Register

# Using environment variable
export NADMAIL_PRIVATE_KEY="0x..."
node scripts/register.js

# Or with custom handle
node scripts/register.js --handle yourname

Registration auto-creates a meme coin ($YOURNAME) on nad.fun!

2. Send Email

# Basic send
node scripts/send.js "friend@nadmail.ai" "Hello!" "Nice to meet you"

# With emo-buy boost (pump their token!)
node scripts/send.js "friend@nadmail.ai" "WAGMI!" "You're amazing" --emo bullish

3. Check Inbox

node scripts/inbox.js              # List emails
node scripts/inbox.js <email_id>   # Read specific email

Emo-Buy: Boost Your Emails

Every internal email (@nadmail.ai -> @nadmail.ai) automatically triggers a micro-buy of 0.001 MON of the recipient's meme coin. The sender receives the tokens.

Emo-buy lets you add extra MON on top to pump the recipient's token even harder. It's like tipping, but on-chain.

Usage

# Using a preset (will prompt for confirmation)
node scripts/send.js alice@nadmail.ai "Great work!" "You nailed it" --emo bullish

Safety: Emo-buy ALWAYS requires interactive confirmation. Daily spending is capped at 0.5 MON (configurable via NADMAIL_EMO_DAILY_CAP).

Presets

Preset	Extra MON	Total (with micro-buy)
`friendly`	+0.01	0.011 MON
`bullish`	+0.025	0.026 MON
`super`	+0.05	0.051 MON
`moon`	+0.075	0.076 MON
`wagmi`	+0.1	0.101 MON

How it works

You send an email with --emo bullish
Worker micro-buys 0.001 MON of recipient's token (standard)
Worker emo-buys an additional 0.025 MON of the same token
You receive all the tokens purchased
Recipient's token price goes up

Emo-buy only works for @nadmail.ai recipients. External emails don't have meme coins.

Credits & External Email

Internal emails (@nadmail.ai -> @nadmail.ai) are free (10/day limit).

External emails (@nadmail.ai -> @gmail.com, etc.) cost 1 credit each.

Buying Credits

Send MON to the deposit address on Monad mainnet (chainId: 143):
```
0x4BbdB896eCEd7d202AD7933cEB220F7f39d0a9Fe
```

Submit the transaction hash:

curl -X POST https://api.nadmail.ai/api/credits/buy \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"tx_hash": "0xYOUR_TX_HASH"}'

Pricing

1 MON = 7 credits
1 credit = 1 external email (~$0.003)

Check Balance

curl https://api.nadmail.ai/api/credits \
  -H "Authorization: Bearer YOUR_TOKEN"

Scripts

Script	Purpose	Needs Private Key
`setup.js`	Show help	No
`setup.js --managed`	Generate wallet (always encrypted)	No
`register.js`	Register email address	Yes
`send.js`	Send email	No (uses token)
`send.js ... --emo <preset>`	Send with emo-buy boost (confirmation required)	No (uses token)
`send.js ... --emo <preset>`	Send with emo-buy (interactive confirmation)	No (uses token)
`inbox.js`	Check inbox	No (uses token)
`audit.js`	View audit log	No

File Locations

~/.nadmail/
├── private-key.enc   # Encrypted private key (AES-256-GCM, chmod 600)
├── wallet.json       # Wallet info (public address only)
├── token.json        # Auth token (chmod 600)
├── emo-daily.json    # Daily emo-buy spending tracker (chmod 600)
└── audit.log         # Operation log (no sensitive data)

API Reference

Authentication Flow (SIWE)

// 1. Start auth
POST /api/auth/start
{ "address": "0x..." }
// -> { "nonce": "...", "message": "Sign in with Ethereum..." }

// 2. Sign message with wallet
const signature = wallet.signMessage(message);

// 3. Register agent (auto-creates meme coin!)
POST /api/auth/agent-register
{
  "address": "0x...",
  "message": "...",
  "signature": "...",
  "handle": "yourname"    // optional
}
// -> { "token": "...", "email": "yourname@nadmail.ai",
//      "token_address": "0x...", "token_symbol": "YOURNAME" }

Endpoints

Endpoint	Method	Auth	Description
`/api/auth/start`	POST	No	Get nonce + SIWE message
`/api/auth/agent-register`	POST	No	Verify signature + register + create meme coin
`/api/auth/verify`	POST	No	Verify SIWE signature (existing users)
`/api/register`	POST	Token	Register handle + create meme coin
`/api/register/check/:address`	GET	No	Preview what email a wallet would get
`/api/send`	POST	Token	Send email (internal=free+microbuy, external=1 credit)
`/api/inbox`	GET	Token	List emails (`?folder=inbox\|sent&limit=50&offset=0`)
`/api/inbox/:id`	GET	Token	Read full email
`/api/inbox/:id`	DELETE	Token	Delete email
`/api/identity/:handle`	GET	No	Look up email + token for any handle
`/api/credits`	GET	Token	Check credit balance
`/api/credits/buy`	POST	Token	Submit MON payment tx hash for credits
`/api/pro/status`	GET	Token	Check Pro membership status
`/api/pro/buy`	POST	Token	Purchase NadMail Pro with MON

Send Email Body

{
  "to": "alice@nadmail.ai",
  "subject": "Hello",
  "body": "Email content here",
  "emo_amount": 0.025,
  "html": "<p>Optional HTML</p>",
  "in_reply_to": "msg-id",
  "attachments": []
}

emo_amount (optional): Extra MON for emo-buy (0 to 0.1). Only works for @nadmail.ai recipients.
Internal emails trigger micro-buy (0.001 MON) + optional emo-buy.
External emails cost 1 credit. No micro-buy.

Key Differences from BaseMail

Authentication endpoint: Uses /api/auth/agent-register (not /api/auth/verify)
Config directory: ~/.nadmail/ (not ~/.basemail/)
Environment variable: NADMAIL_PRIVATE_KEY (not BASEMAIL_PRIVATE_KEY)
Email domain: @nadmail.ai (not @basemail.ai)
Meme coins: Every user gets a token on nad.fun
Emo-buy: Boost emails with extra MON investment
Chain: Monad mainnet (chainId: 143)

Changelog

v1.0.4 (2026-02-10)

Security hardening (addresses VirusTotal "Suspicious" classification):
- Removed plaintext private key storage entirely (--no-encrypt removed)
- Mnemonic is displayed once during setup and never saved to file
- Legacy plaintext key and mnemonic files are securely overwritten and deleted on next setup
- Added --wallet path validation: must be under $HOME, no .. traversal, max 1KB, regular file only
- Added private key format validation (0x + 64 hex chars)
- Stronger password requirements: min 8 chars, must include letter + number
Emo-buy safety:
- Emo-buy ALWAYS requires interactive confirmation (--yes flag removed for security)
- Daily emo spending tracker with configurable cap (default: 0.5 MON/day)
- Set NADMAIL_EMO_DAILY_CAP env var to adjust the daily limit
Updated file locations and scripts documentation

v1.0.3 (2026-02-10)

Minor updates

v1.0.2 (2026-02-10)

Added emo-buy support to send.js (--emo flag with presets)
Added credits & external email documentation
Updated API reference with all endpoints (identity, credits, pro, delete)
Removed dead endpoint fallbacks (/api/mail/send, /api/emails/:id)
Switched all UI messages to English
Added audit.js to scripts table

v1.0.1 (2026-02-09)

Bug fixes and endpoint updates

v1.0.0 (2026-02-09)

Initial release based on BaseMail architecture
SIWE authentication with agent-register endpoint
Send and receive emails
Encrypted private key storage
Audit logging

Troubleshooting

Common Issues

"No wallet found"

Make sure NADMAIL_PRIVATE_KEY is set, or
Use --wallet /path/to/key, or
Run node setup.js --managed to generate one

"Token may be expiring soon"

Run node register.js again to refresh your token (tokens last 24h)

"Send failed" / "Not enough credits"

Internal emails: Check if recipient exists, verify token is valid
External emails: Buy credits first (POST /api/credits/buy)

"Authentication failed"

Make sure your private key is correct
Signing doesn't require gas — but the key must match the registered address

"Wrong password or decryption failed"

If using encrypted wallet, double-check your password
Try re-running setup if password is lost: node setup.js --managed

Audit Log

Check recent operations:

node scripts/audit.js

Usage Tips

Token Caching: Tokens are saved to ~/.nadmail/token.json and reused (24h expiry)
Audit Trail: All operations logged to ~/.nadmail/audit.log
Handle Selection: Choose a memorable handle during registration
Emo Presets: Use --emo bullish for quick emo-buy without calculating amounts
Credits: Buy in bulk (1 MON = 7 external emails) to minimize transactions