Moltbot Best Practices
v1.1.3Best practices for AI agents - Cursor, Claude, ChatGPT, Copilot. Avoid common mistakes. Confirms before executing, drafts before publishing. Vibe-coding essential.
⭐ 20· 4.3k·27 current·27 all-time
byNext Frontier AI@nextfrontierbuilds
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (agent best-practices) matches the content of SKILL.md and README. The skill requests no binaries, credentials, or config paths that would be unnecessary for a guidance document. Minor metadata inconsistencies exist (package.json author/homepage entries vs registry metadata), but these are bookkeeping issues, not security mismatches.
Instruction Scope
SKILL.md stays on-topic (confirm before executing, ask clarifying questions, stop on user STOP, etc.). It does recommend changing OpenClaw agent config to enable memoryFlush and sessionMemory (openclaw config patch), which is within the realm of an agent-behavior guide but has privacy/retention implications because it increases what the agent can store and search across sessions. The skill does not instruct reading unrelated system files or exfiltrating data.
Install Mechanism
There is no install spec embedded in the skill bundle (instruction-only), so nothing is downloaded or written by the skill itself. The README/SKILL.md suggest installing via clawdhub or npm, which is normal; if you choose to install, verify the package source (GitHub/npm) before running those external installers. SKILL.md contains a minor typo/inconsistency in the example clawdhub install command (comma-separated string), but that is non-malicious.
Credentials
The skill requires no environment variables, credentials, or config paths. It does not ask for tokens, keys, or secrets, so there is no disproportionate credential request.
Persistence & Privilege
The skill recommends enabling session memory and memoryFlush via openclaw config patch, which increases the agent's ability to persist and search past session transcripts. The package does not set always:true and does not autonomously change agent settings itself, but the recommendation is a configuration change the user should consciously opt into because it affects long-term data retention and searchability.
Assessment
This skill is an instruction-only best-practices guide and appears coherent with its stated purpose. Before installing or applying its recommended config changes: 1) Verify the publisher/source (check the GitHub repo and npm listing) to ensure you're installing the expected package. 2) Be cautious about enabling sessionMemory/memoryFlush—doing so increases what the agent stores and can search across sessions; confirm this behavior is acceptable for your privacy/security needs. 3) If you use the suggested install commands, fix the minor typo (use the correct package name) and confirm the package identity (checksum or repo) when possible. 4) No credentials are requested by the skill itself, but always review any third-party code you install for hidden behavior.Like a lobster shell, security has layers — review code before you run it.
latestvk970mw7x7m7v4hgr2tahfkzm5h80zjva
License
MIT-0
Free to use, modify, and redistribute. No attribution required.