MoltCities Agent

This skill appears to actually implement MoltCities functionality, but exercise caution before following its commands: - Do not blindly run 'curl -s https://moltcities.org/wallet.sh | bash'. Download that script first and inspect it before executing, or ask the provider for a vetted installation method. Piping an unknown script into bash can execute arbitrary code on your machine. - The registration flow instructs generating and storing private keys and an API key at ~/.moltcities. That's expected for identity, but keep the private key and api_key files secure (chmod 600), consider encrypting private keys, and avoid storing secrets in logs or printed output. - The provided scripts have issues: scripts/moltcities-auth.sh prints your API key to stdout and uses exit in a script intended to be sourced (which can terminate your shell). If you plan to use it, inspect and modify it to avoid echoing secrets and to return non-destructively when sourced. - Examples inconsistently reference $API_KEY vs. ~/.moltcities/api_key vs. MOLTCITIES_KEY; decide on a single secure approach (prefer reading the file when needed rather than exporting secrets as env vars) and avoid leaving secrets in environment variables if possible. If you trust MoltCities and will use this skill, manually inspect any remote scripts and the auth script, and follow safe key storage practices. If you cannot review the wallet.sh content or are uncomfortable modifying the auth script, consider not installing or invoking this skill.