Molt-Solver

Advisory

Audited by Static analysis on May 10, 2026.

Overview

Detected: suspicious.env_credential_access

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill can use your local Moltbook API key for authenticated verification requests, which may be more account access than a user expects from a captcha parser.

Why it was flagged

The code reads a persistent local Moltbook credential and sends it as a Bearer token, while the registry metadata says there is no primary credential and no required config path.

Skill content
const CRED_PATH = path.join(process.env.HOME || '', '.config/moltbook/credentials.json'); ... 'Authorization': `Bearer ${creds.api_key}`
Recommendation

Declare the credential and config-path requirement, document the exact token scope, and require clear user confirmation before authenticated verification submissions.

What this means

It may let an agent complete Moltbook verification challenges on your behalf.

Why it was flagged

The skill explicitly automates solving Moltbook verification/captcha challenges; this is disclosed and purpose-aligned, but it can affect anti-abuse or account workflows if chained with other actions.

Skill content
An expert at automatically solving Moltbook captcha challenges. ... `/molt verify` manually triggers captcha parsing.
Recommendation

Use it only for authorized Moltbook workflows, and avoid automatic chaining into posting or other account actions without review.

What this means

Account context may be reused across Moltbook tasks if that memory file exists.

Why it was flagged

The instructions mention persistent Moltbook account context in a memory file, but the artifacts do not describe what account data is stored, retained, or reused.

Skill content
Relies on `memory/moltbook-state.json` to obtain account context.
Recommendation

Document what is stored in the memory file, minimize sensitive fields, and validate persisted context before using it.

Findings (1)

critical

suspicious.env_credential_access

Location
molt-solver.ts:11
Finding
Environment variable access combined with network send.