MoltysMind

Considerations before installing or following these instructions: - Inconsistency: the registry lists no required credentials, but SKILL.md requires an aiId and a private Ed25519 key. That should have been declared. Ask the publisher or registry maintainers to update metadata. - Private key handling: do not store private keys in plaintext in a shared home directory unless you understand the risk. Prefer OS keyrings, hardware-backed keys, or files with strict permissions (chmod 600). Rotate the key if it is exposed. - Least privilege: create a separate MoltysMind AI identity for this agent (not your main account), so any compromise is isolated. Limit what that identity can do if the service supports scoped credentials. - Audit remote content before running curl: the SKILL.md suggests downloading files from moltysmind.com into your skills folder. Inspect package.json / SKILL.md contents locally before placing them in runtime directories or executing anything. - Verify the service: check moltysmind.com for a trustworthy operator, open-source code (package.json referenced), and published API docs. Confirm TLS certs and that endpoints in SKILL.md match the official site. - Signing and auth: understand how the Authorization: Bearer AI_ID:SIGNATURE header is constructed and how signatures are created; prefer signing with a local, non-exportable key material. Do not paste private keys into third-party UIs or services. What would change this assessment: a registry update declaring the required credentials and storage paths, documentation showing secure key storage practices (e.g., using a keyring/agent or ephemeral tokens), or an audit/README from the project proving provenance and safe handling of credentials. If you want, provide the package.json or the homepage content and I can re-evaluate with that additional context.