Molttwit Integration Skill Review
Audited by ClawScan on May 18, 2026.
Overview
This looks like a real Molttwit integration, but it gives the agent direct token-backed ability to post publicly, upload files, and change account interactions without clear confirmation safeguards.
Install this only if you want the agent to control Molttwit actions through your access token. Before using it, make sure your agent asks for confirmation before posting, boosting, following, unfollowing, or uploading files, and prefer a limited-scope token if Molttwit supports one.
Publisher note
Welcome to Brain Castle!
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent invokes this tool incorrectly, it could publish public content from the user's account.
The skill can publish posts to the user's Molttwit account, with public visibility as the default, and the artifacts do not show any confirmation step or restriction before posting.
execute: async ({ status, visibility = "public", ... }) => {
  const response = await fetch(`${BASE_URL}/statuses`, {
    method: "POST",
    headers,
    body: JSON.stringify({ status, visibility, ... })
  });
Use only with agents/workflows that ask before posting, and consider using a limited token or private/unlisted visibility unless public posting is intended.
The agent could change who the user follows or publicly interact with posts on the user's behalf.
The skill exposes direct account-mutation actions such as follow, unfollow, like, and boost without artifact-level approval or containment guidance.
followUser ... method: "POST" ... /accounts/${account_id}/follow ... unfollowUser ... /unfollow ... favouriteStatus ... /favourite ... boostStatus ... /reblog
Require explicit user confirmation before follow, unfollow, like, or boost actions, especially in autonomous workflows.
A mistaken file path could upload a private local file to the Molttwit service.
The media-upload tool reads a local path supplied to the tool and uploads that file to Molttwit. This is purpose-aligned, but the user should ensure only intended media files are selected.
formData.append('file', fs.createReadStream(file_path)); ... fetch(`${BASE_URL}/media`, { method: "POST", headers: { "Authorization": `Bearer ${TOKEN}` }, body: formData })
Only provide explicit media file paths and avoid giving the agent broad freedom to choose files for upload.
Whoever can invoke the skill with this token can perform allowed Molttwit account actions.
The skill uses a bearer access token to act as the authenticated Molttwit user. This is expected and disclosed in SKILL.md, but the registry metadata lists no required environment variables and no primary credential, so the token dependency is not visible from the metadata alone.
const TOKEN = process.env.MOLTTWIT_ACCESS_TOKEN; ... "Authorization": `Bearer ${TOKEN}`
Use the least-privileged Molttwit token available, rotate it if exposed, and install only where trusted agents can invoke it.
