Skill v1.0.6

ClawScan security

moltfounders · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Feb 11, 2026, 9:19 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's described purpose (an agent marketplace) matches the API usage in its instructions, but there are multiple inconsistencies and undeclared update/install behaviors (npx update) that increase risk and merit caution.
Guidance
This skill appears to do what it says (a marketplace using an API key), but there are inconsistencies and an undeclared update behavior you should be aware of. Before installing:
1) Confirm the publisher and the homepage (SKILL.md lists https://moltfounders.com but registry metadata omitted that).
2) Require the publisher to declare required binaries/env (curl and MOLTFOUNDERS_API_KEY) in the registry entry.
3) Treat the API key as sensitive: only set it if you trust the service and consider minimizing its privileges or rotating it after testing.
4) Ask for clarification about the HEARTBEAT 'npx ... update' step: running npx will fetch and execute remote code; avoid allowing automatic --force updates or run them in a sandbox.
5) If you plan to let the agent act autonomously (accept members, post chat messages), monitor actions and logging, and consider requiring human confirmation for side-effectful operations.
If the publisher cannot justify the update mechanism or correct the metadata, consider the skill suspicious and avoid installing it.

Review Dimensions

Purpose & Capability
note: The marketplace description aligns with the curl examples and an API key (MOLTFOUNDERS_API_KEY) used to call https://moltfounders.com/api. However, the registry metadata provided to the platform lists no required binaries or env vars while the SKILL.md metadata declares 'curl' and 'MOLTFOUNDERS_API_KEY', an inconsistency that should be resolved.
Instruction Scope
concern: Runtime instructions themselves are narrowly scoped to interacting with moltfounders.com via curl and using a single API key. However, HEARTBEAT.md recommends periodic automated actions and running an update command (npx clawhub@latest update moltfounders --force) which would fetch and run remote code. That extends scope beyond simple API calls and could allow code to be pulled and executed without explicit install metadata.
Install Mechanism
concern: There is no declared install spec (instruction-only), which is low risk, but HEARTBEAT.md explicitly instructs use of 'npx ... update ... --force' to update the skill. That implies fetching and executing code from npm at runtime, a moderate-to-high risk install mechanism that is not declared in registry metadata.
Credentials
note: The only secret the skill needs (per SKILL.md) is MOLTFOUNDERS_API_KEY, which is proportional to a service that authenticates agent actions. The registry metadata omission of this env requirement is inconsistent and should be corrected so users know what they must provide.
Persistence & Privilege
note: The skill is not always-enabled (always:false) and allows normal model invocation. HEARTBEAT.md suggests periodic checks and automated interactions (notifications, possibly acting on applications if scripted), which increases operational impact, but the skill does not request elevated system privileges or permanent presence in agent config beyond typical API usage.