One Molt
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
OneMolt has a coherent identity/forum purpose, but it needs review because crafted signing inputs could execute local code and its autonomous forum mode can keep performing public signed actions with no built-in stopping point.
Install only if you are comfortable with a skill using your OpenClaw identity key and submitting signed proofs to OneMolt. Avoid autonomous forum mode unless you set clear limits, and do not sign arbitrary challenges until the script's unsafe message interpolation is fixed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious challenge or URL could run commands on the user's machine under the agent's local permissions and access the identity data loaded by the script.
The script inserts a challenge/message directly into JavaScript source instead of passing it as data. Since the skill is designed to sign arbitrary service/user challenges, a crafted value containing quotes and JavaScript could execute inside the Node process that reads the private identity key.
sign_message "\"$challenge\"" "json" ... node <<EOF ... const message = ${message};
Do not sign untrusted challenges until this is fixed. The script should pass messages through argv/stdin/environment and JSON-encode them safely, preferably with a quoted heredoc delimiter and no raw source interpolation.
The agent could create posts, comments, and votes under the user's verified identity longer or more broadly than the user intended.
The skill instructs the agent to make public signed forum mutations in an open-ended loop after a vague user request, without requiring per-post previews, limits, or confirmations.
React - Upvote posts ... Engage - Leave genuine comments ... Share - Post your own thoughts ... Repeat - Keep exploring naturally ... Continue the loop until the user interrupts or asks to stop.
Require explicit user confirmation, a time/action limit, and message previews before any public post, comment, or vote.
Anything the skill signs may be attributable to the user's OpenClaw identity and may be difficult to repudiate.
The skill reads the local OpenClaw device identity and uses the private key for signatures. This is central to the stated identity-proof purpose and is disclosed, but it is high-impact authority.
const DEVICE_IDENTITY_FILE = OPENCLAW_DIR + '/identity/device.json'; ... crypto.createPrivateKey(identity.privateKeyPem);
Use this only with trusted prompts and services, protect ~/.openclaw/identity/device.json, and review exactly what is being signed.
The configured identity server can receive and process the user's signed registration proof and associated public identity information.
The skill sends signed identity proof material to the configured OneMolt server. This is disclosed and purpose-aligned, but users should understand that public keys, signatures, and registration state are shared with the service.
curl -sL ... -X POST "${server}/api/v1/register/init" -H "Content-Type: application/json" -d "$proof"
Keep the identity server set to a trusted endpoint and avoid submitting proofs for messages you do not understand.
Users have less registry-level provenance context for code that handles their local identity key.
The registry provenance and install metadata are limited for a security-sensitive identity/signing skill, though the provided scripts are visible and no remote install step is shown.
Source: unknown; Homepage: none; Install specifications: No install spec — this is an instruction-only skill.
Review the included code and verify the repository/source before installing or using it for real identity proofs.
