Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Molt-Solver
v1.0.0Automatically solves Moltbook math captchas by parsing English text, extracting operations, calculating results, and formatting answers with two decimals.
⭐ 0· 937·4 current·5 all-time
by@0xraini
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
The name and files indicate a solver for Moltbook verification challenges, which aligns with the implementation: solveChallenge parses English-number words and verify() posts an answer to Moltbook's API. That capability is plausible for the stated purpose.
Instruction Scope
SKILL.md claims the skill depends on memory/moltbook-state.json for account context and documents a /molt verify command, but the TypeScript code reads ~/.config/moltbook/credentials.json (CRED_PATH) and performs a network POST to https://www.moltbook.com/api/v1/verify. The SKILL.md does not disclose reading a credentials file or making network calls; those are runtime actions that should be declared and justified.
Install Mechanism
No install spec — the package is instruction/code-only. That is low-risk in the sense that nothing external is downloaded at install time. The included code will run when invoked by the agent.
Credentials
The skill does not declare any required environment variables or config paths, yet the code reads the user's home config file (~/.config/moltbook/credentials.json) and expects an api_key inside. SKILL.md instead references memory/moltbook-state.json — this mismatch means the skill will access sensitive local credentials without declaring or justifying that access.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed (platform default). While not privileged by manifest flags, the ability to read local credentials and call an external API increases its effective privilege and blast radius if invoked autonomously.
What to consider before installing
This skill appears to do what it claims (solve Moltbook math captchas and call Moltbook's API), but it reads a credentials file from ~/.config/moltbook/credentials.json and sends a POST to https://www.moltbook.com/api/v1/verify — neither of these are declared in SKILL.md or the skill metadata, and SKILL.md even claims a different dependency (memory/moltbook-state.json). Before installing or enabling this skill, consider: 1) Ask the developer to update SKILL.md and the manifest to explicitly declare the config path and required credential (what field name is expected in the file). 2) Inspect the credentials file and confirm it only contains the minimal API key the skill needs (avoid storing other secrets there). 3) If you don't trust the skill, do not provide your Moltbook API key; run it in an isolated/test account or environment first. 4) If you need stricter control, disable autonomous invocation for the agent or require manual confirmation before verification calls. 5) If you want to proceed, request the developer change the skill to read from the declared memory/moltbook-state.json or to accept the key via an explicitly-declared env/config interface so permission and auditing are clear.Like a lobster shell, security has layers — review code before you run it.
latestvk97baky0pjq11xsh3yx1dzhb6d80vvj8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.