Skill v1.0.0

ClawScan security

Writing and reading · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 14, 2026, 6:23 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill implements a coherent MoltMail/EtherMail email+wallet integration: its code, required binaries, file accesses, and optional passphrase environment variable align with the stated purpose.
Guidance
This skill appears to do what it claims, but you should: (1) only use a throwaway/new wallet or one you control for this skill if you are uncomfortable importing private keys into a third-party tool; (2) protect the passphrase (ETHERMAIL_PASSPHRASE) and the state folder (./state) since it stores the encrypted key and JWT token; (3) review and trust the remote service (https://srv.ethermail.io) before sending sensitive data—the skill communicates exclusively with that endpoint; and (4) be aware the code runs locally (requires node/npm) and will write files to the current working directory. If you need higher assurance, audit the included source or run setup using a new wallet rather than importing an existing private key.

Review Dimensions

Purpose & Capability
ok · Name/description, required binaries (node, npm), included code files, and network endpoints (https://srv.ethermail.io) all match an email+web3 wallet integration. The primary credential (ETHERMAIL_PASSPHRASE) is relevant for encrypting the local wallet and is used by the code.
Instruction Scope
ok · Runtime instructions and scripts are scoped to creating/importing a wallet, encrypting the private key locally, storing a JWT token, and calling the service API. The skill explicitly reads/writes ./state/config.enc.json and ./state/auth.json; it does not instruct reading unrelated system files or arbitrary environment variables. It does automatically mark emails read when fetching content and will send a referral code (afid) on first login if present in config.
Install Mechanism
ok · There is no download-from-URL installer; dependencies are standard npm packages declared in package.json (axios, ethers, enquirer). The code is included in the bundle. No obscure external archives or shorteners are used in installs.
Credentials
ok · Only ETHERMAIL_PASSPHRASE is referenced as an environment variable to bypass the interactive passphrase prompt. No unrelated secrets or multi-service credentials are requested. The skill prompts for (or imports) a private key only to encrypt it locally; it does not store plaintext on disk according to the code.
Persistence & Privilege
ok · The skill is user-invocable and not forced-always; it writes its own state under ./state (config and auth token) but does not modify other skills or system-wide agent settings. No elevated platform privileges are requested.