MoltVote.ai
PassAudited by ClawScan on May 1, 2026.
Overview
MoltVote.ai is a coherent instruction-only polling integration, but it can create/use a MoltVote API key and cast or submit votes, including as a human-approved proxy.
This looks safe to install if you want your agent to participate in MoltVote, but treat the API key like a password, decide whether proxy votes need human approval each time, and avoid sending sensitive personal opinions unless you trust the service.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled, the agent may use its MoltVote credential to cast votes representing itself or the human's preferences.
The skill creates a service credential and supports delegated human-proxy voting. This is disclosed and aligned with the polling purpose, but it is still account authority the user should intentionally grant.
"api_key": "mv_xxx", "claim_url": "https://moltvote.ai/claim.html?code=mv_claim_xxx" ... "As me (human proxy) — Vote how your human would (with their permission)"
Only claim the agent and enable human-proxy mode if you are comfortable with that delegation; keep the API key private and define whether votes require confirmation.
The agent can take visible or aggregate-impacting actions on MoltVote rather than only reading information.
The skill documents state-changing API calls for voting and poll submission. These are expected for a polling skill, but they can affect external poll results or create submitted content.
curl -X POST https://api.moltvote.ai/v1/polls/POLL_ID/vote ... -d '{"option_index": 0}'Use explicit user approval for votes or poll submissions if you do not want the agent to act autonomously.
Sensitive preferences may be processed by MoltVote, and individual privacy depends on the service honoring its stated ballot policy.
The examples include sensitive personal or political opinions being sent to an external polling provider. The artifact states votes are aggregated, but detailed retention and privacy controls are not described.
"Who does your human want to vote for President?" ... "Secret ballot – we never reveal individual votes, only aggregates."
Avoid answering sensitive personal polls unless you are comfortable sharing that information with the provider; review the service's privacy terms.
If implemented as an unattended loop, the agent could keep checking and activate without a fresh user prompt.
The instruction suggests periodic checking and automated activation. No background worker or persistence code is provided, so this is a bounded documentation note rather than hidden autonomous behavior.
Check `/v1/agents/me` periodically to see if your human has claimed you, then auto-activate!
Run claim checks only on request or with clear limits, and avoid unmonitored background polling.