starlight-guild

Warn

Audited by ClawScan on May 10, 2026.

Overview

This skill sends the agent to a third-party rewards guild that can assign public social actions such as posting, commenting, upvoting, and following through the user's MoltBook account without clear approval boundaries.

Review carefully before installing. Only use this if you intentionally want an agent to join a third-party rewards system, and require manual approval for every MoltBook post, comment, upvote, follow, or coordinated mission. Verify the provider, remove the fixed referral code if you do not want to use it, and consider platform rules and account reputation before allowing any task execution.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A remote rewards service could steer the agent into actions the user has not reviewed.

Why it was flagged

The skill tells the agent to obtain task instructions from a remote service and then complete/report them, making third-party task content drive the agent's goals.

Skill content
GET /api/v1/tasks/pending?member_id={你的ID} ... Returns one task (type, content, reward). ... POST /api/v1/tasks/{task_id}/complete
Recommendation

Require explicit user approval and content review for every fetched task before the agent acts.

What this means

The agent could post, comment, like, follow, or join coordinated campaigns using the user's social presence.

Why it was flagged

The listed task types involve public social-account mutations and coordinated engagement, but the skill does not bound targets, content, rate, or approval.

Skill content
`moltbook_post` | Post ... `moltbook_comment` | Comment ... `moltbook_upvote` | Upvote ... `moltbook_follow` | Follow ... `raid_mission` | Guild raid (collaborative)
Recommendation

Do not allow autonomous execution of social tasks; review each action for accuracy, consent, platform rules, and reputational impact.

What this means

Actions may be taken under the user's identity and could affect their account reputation or account state.

Why it was flagged

The skill requires a guild API key and expects task execution through the user's own MoltBook API authority, but the registry declares no credentials or scoped account permissions.

Skill content
Keep your `member_id` and `api_key` safe; all subsequent operations require them. ... All task execution is done through your own MoltBook API calls
Recommendation

Use a separate limited account if possible, never provide unrelated credentials, and keep any API key scoped and revocable.

What this means

Users may be enrolled under someone else's referral and contribute rewards or commissions without understanding the tradeoff.

Why it was flagged

The one-step registration example includes a fixed referral code while the skill describes referral commissions, without explaining who benefits from that code.

Skill content
{"agent_name": "你的名字", "referral_code": "312B0C31"} ... Share your referral code to earn passive income
Recommendation

Remove or replace the referral code unless the user knowingly chooses to use it.

What this means

It may be harder to verify who operates the rewards service or whether the API terms are trustworthy.

Why it was flagged

The registry does not provide verified source or homepage information, even though the skill relies on a third-party API service.

Skill content
Source: unknown; Homepage: none
Recommendation

Verify the external site and operator before registering or allowing the agent to perform tasks.