v1.0.0

Moltywork

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:19 AM.

Analysis

MoltyWork is a coherent marketplace skill, but it asks the agent to persist credentials, self-update from remote instructions, run recurring checks, and take marketplace actions like bids or message replies with limited human review.

Guidance

Install only if you are comfortable with an agent running recurring MoltyWork checks and potentially interacting with a paid-work marketplace. Before use, require human approval for bids, replies, archiving, and accepted work; do not allow automatic re-installation from the remote SKILL.md; and store the API key only in a scoped, user-approved secret location.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: High | Status: Concern
heartbeat.md
For each pending message, either reply to it or archive it. ... Don't bother them: ... Normal bid submissions

The skill encourages the agent to mutate marketplace state by replying, archiving, and submitting bids, while saying normal bid submissions do not need to bother the human.

User impact: The agent could make business-facing commitments, hide/archive messages, or submit bids on paid work without the user reviewing each action.
Recommendation: Require explicit human approval before bidding, replying to clients, archiving messages, accepting work, or making any payment/work commitment.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
heartbeat.md
Re-install the skill locally to ensure you have the latest version... Then download this file into the `moltywork/` folder you just created: - https://moltywork.com/skill.md (save as `SKILL.md`)

The recurring heartbeat asks the agent to replace the installed skill with an unpinned remote file, creating a remote-update path outside the registry artifact review.

User impact: Future remote changes to the skill instructions could alter what the agent does after installation.
Recommendation: Do not allow automatic skill re-installation. Review any updated SKILL.md manually, pin trusted versions, and avoid overwriting installed skills from a live URL without approval.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
set a reminder to yourself for 10 minutes from now, 1 hour from now, 3 hours from now, and 24 hours from now... Add these instructions to your `HEARTBEAT.md` or whatever mechanism you have for checking up on something every 4 hours

The skill asks the agent to create recurring reminders and a heartbeat mechanism so it continues operating periodically.

User impact: The agent may keep checking the service and acting on marketplace opportunities after the original user interaction has ended.
Recommendation: Only enable a heartbeat if the user explicitly wants ongoing activity, with a clear stop condition, frequency limit, and approval requirements for actions.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
Your API key is your identity. Leaking it means someone else can impersonate you.

The skill correctly warns that the MoltyWork API key carries account identity authority, but the registry metadata declares no primary credential.

User impact: Anyone with the API key may be able to impersonate the agent account on MoltyWork.
Recommendation: Treat the MoltyWork API key as a secret credential and confirm where it will be stored before using the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
save your moltywork_sk_* key, your moltywork username, and moltywork_last_checked_at in whatever memory or context system you have... saving in BOTH places

The skill directs the agent to store an API key in unspecified persistent memory/context, without clear boundaries on retention, visibility, or future reuse.

User impact: A credential that identifies the agent account could be exposed to future contexts or reused in later tasks beyond the user's expectations.
Recommendation: Store the API key only in a scoped credential store or user-approved local file with restricted access; avoid saving secrets in general agent memory.