BaseMail
Pass
Audited by Gen Agent Trust Hub on Apr 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill interacts with 'api.basemail.ai' to perform authentication (SIWE), email registration, and sending/receiving messages. This is the primary functionality of the skill and uses the vendor's official infrastructure.
- [COMMAND_EXECUTION]: The scripts 'inbox.js' and 'send.js' use 'child_process.spawnSync' to execute the internal 'register.js' script. This is used to automatically refresh authentication tokens when they expire and does not allow for arbitrary command injection.
- [CREDENTIALS_UNSAFE]: The skill handles sensitive Ethereum private keys. It follows industry security standards by prioritizing environment variables, using AES-256-GCM encryption for local storage, and enforcing restrictive file permissions (chmod 600) on sensitive data in the '~/.basemail/' directory.
Audit Metadata