← Back to Skills Marketplace
Nadmail
by
Ju Chun Ko
· GitHub ↗
· v2.0.0
1511
Downloads
3
Stars
2
Active Installs
14
Versions
Install in OpenClaw
/install nadmail
Description
NadMail - Email for AI Agents on Monad. Register [email protected], send emails that micro-invest in meme coins, boost with emo-buy. SIWE auth, no CAPTCHA,...
Usage Guidance
This skill will ask for and use a blockchain/private‑key credential and will write files under ~/.nadmail; that is consistent with an email service that makes on‑chain micro‑purchases, but you should not give it your main/private keys or large balances. Before installing: 1) Verify the API domain (api.nadmail.ai) independently and confirm it’s the real service; 2) Prefer managed mode with a throwaway wallet or use an environment variable containing a key that has minimal funds; 3) Do not export your primary wallet private key into NADMAIL_PRIVATE_KEY; create a separate wallet and fund it with a small test amount; 4) Be cautious about sending MON to the deposit address in the README — confirm that address via the official service first; 5) Note the metadata inconsistency (metadata claims no required env vars and version mismatches) — ask the publisher to correct registry metadata and provide provenance (homepage, source control) before trusting widely.
Capability Analysis
Type: OpenClaw Skill
Name: nadmail
Version: 2.0.0
The NadMail skill is classified as benign due to its strong security posture and clear alignment with its stated purpose. It implements robust safeguards, including mandatory AES-256-GCM encryption for private keys, strict path validation for wallet files (preventing traversal and limiting size), interactive confirmation and daily caps for financial transactions (`emo-buy`), and secure handling of sensitive data (mnemonics displayed once, audit logs masking sensitive information). The `SKILL.md` explicitly details security guidelines and a changelog highlighting past security hardening efforts. All external communications are directed to the legitimate `nadmail.ai` API or the Monad blockchain, and there is no evidence of data exfiltration, unauthorized execution, or prompt injection attempts.
Capability Assessment
Purpose & Capability
The code implements an email-for-agents service that signs with a wallet and triggers micro‑buys on send — this matches the NadMail description. However the registry metadata claims no required environment variables or credentials while the SKILL.md and scripts clearly expect NADMAIL_PRIVATE_KEY, NADMAIL_TOKEN, NADMAIL_PASSWORD, and optional NADMAIL_EMO_DAILY_CAP. That mismatch is a packaging/metadata inconsistency that reduces trust.
Instruction Scope
Runtime instructions tell the agent to read environment variables, read/write files under $HOME/.nadmail, sign SIWE messages with the provided private key, and call https://api.nadmail.ai endpoints. Those actions are within the stated purpose (wallet‑backed email + on‑chain buys). The instructions require interactive confirmation for financial actions, which limits silent fund transfers.
Install Mechanism
This is an instruction‑plus-script skill with no install spec; no external archives or download URLs are invoked by an installer. Dependencies are standard npm packages (ethers and its deps) visible in package.json/package-lock.json — nothing obviously malicious in the install surface.
Credentials
The skill needs highly sensitive secrets (a private key and produces/stores an auth token) which are proportionate to a wallet‑driven email/transaction service — but the registry metadata declares 'none' for required env vars and primary credential, creating a transparency problem. The scripts accept a private key via env var or from disk and will store tokens and encrypted keys under ~/.nadmail; that is expected but sensitive.
Persistence & Privilege
The skill writes configuration and tokens to ~/.nadmail (token.json, private-key.enc, audit log, emo tracker) and creates files with restrictive modes — expected for a client that stores auth state. It does not request always:true or modify other skills. Autonomous model invocation is allowed by default; however emo-buy requires interactive confirmation, which prevents silent financial transactions in non-interactive runs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install nadmail - After installation, invoke the skill by name or use
/nadmail - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.0.0
nadmail 2.0.0
- Major update with security and interface improvements.
- Emo-buy now always requires interactive confirmation; the `--yes` flag is removed.
- Direct buy flow and `buy-name.js` script support has been removed.
- Documentation (SKILL.md) fully revised for clarity and simplified instructions.
- Updated scripts and API documentation to match new requirements and behaviors.
- Added `_meta.json` for improved metadata structure.
v1.2.2
Add homepage and repository URLs for provenance verification
v1.2.1
Fix display name
v1.2.0
Add OpenClaw metadata (requires.env, install spec) to fix ClawHub suspicious classification
v1.1.1
v1.1.1: Direct Buy flow, buy-name.js script, emo-boost, mobile sidebar, token portfolio
v1.1.0
v1.1.0: Direct Buy flow (nad-name-sign API), buy-name.js script, emo-boost support, updated endpoints
v1.0.7
Re-upload + reduce false positives: mnemonic display is opt-in (--show-mnemonic / NADMAIL_SHOW_MNEMONIC=1).
v1.0.6
Scanner fixes: add explicit emo-buy confirmation + daily cap (NADMAIL_EMO_DAILY_CAP); document env vars (NADMAIL_TOKEN/PASSWORD).
v1.0.5
Security hardening + metadata: remove plaintext wallet mode; clarify Node/env requirements; mnemonic never written to disk.
v1.0.4
Security hardening: encrypted wallet storage, removed plaintext key support, path validation, audit logging improvements. VirusTotal clean.
v1.0.3
Add Emo-Buy support (--emo flag with presets: friendly/bullish/super/moon/wagmi), remove dead /api/mail/send endpoint
v1.0.2
Added emo-buy (--emo flag with presets), credits & external email docs, full API reference (14 endpoints), removed dead endpoint fallbacks, all English UI
v1.0.1
v1.0.1: Security fix - removed hardcoded default handle
v1.0.0
v1.0.0: NadMail email skill for AI agents on Nad ecosystem. SIWE auth, inbox, send, setup, audit logging. Security-first design based on BaseMail architecture.
Metadata
Frequently Asked Questions
What is Nadmail?
NadMail - Email for AI Agents on Monad. Register [email protected], send emails that micro-invest in meme coins, boost with emo-buy. SIWE auth, no CAPTCHA,... It is an AI Agent Skill for Claude Code / OpenClaw, with 1511 downloads so far.
How do I install Nadmail?
Run "/install nadmail" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Nadmail free?
Yes, Nadmail is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Nadmail support?
Nadmail is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Nadmail?
It is built and maintained by Ju Chun Ko (@daaab); the current version is v2.0.0.
More Skills