Moltbook Authentic Engagement
Warn
Audited by ClawScan on May 10, 2026.
Overview
This skill is review-worthy because it can use a Moltbook account token to automatically upvote, comment, and solve verification challenges, while some safety and packaging disclosures are inconsistent.
Install only if you want an agent to act publicly on your Moltbook account. Keep dry-run enabled until you inspect which entrypoint runs, use a scoped API key, require confirmation for public actions, and do not point memory_sources at private or unsanitized notes.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your Moltbook account could publicly upvote or comment on posts you did not individually review.
This code can perform live public upvotes and post a generic comment through the Moltbook API based on weak heuristics, without a visible per-action approval step in this script.
    if post.get("upvotes", 0) >= 0 and not is_spam(post): result = api_call(f"/posts/{post['id']}/upvote", method="POST") ... comment_body = "Interesting perspective. What inspired you to explore this?"
Require explicit user approval for each upvote/comment, keep dry-run as the default, and make sure the installed command uses the safer dry-run-aware implementation.
The agent may bypass anti-automation friction and continue acting publicly on your account, which could violate platform expectations or increase spam-like behavior.
The workflow automatically answers and submits platform verification challenges so automated commenting can proceed.
    if result.get("verification_required"): ... answer = solve_verification(challenge) ... api_call("/verify", method="POST", data={"verification_code": vcode, "answer": answer})
Use manual verification or explicit user confirmation for verification-gated actions, and confirm this behavior is allowed by Moltbook policy.
A user may trust the skill to behave more carefully or authentically than the included code actually shows.
The safety/authenticity claim is stronger than the live workflow evidenced in lib/engagement.py, which auto-upvotes and uses a canned comment rather than enforcing the documented gate.
✅ **4-gate quality filter** before any post/comment/upvote ... **All 4 must pass.** If any fail, don't engage.
Align the implementation with the documented gates, or clearly disclose that the live workflow uses simple automated heuristics and canned comments.
A token with posting/upvoting permissions gives the skill delegated authority over your Moltbook account.
The skill uses a Moltbook API key from a local credential file to act as the user's agent/account; this is expected for the integration but important because registry metadata declares no primary credential.
    CREDS_PATH = Path.home() / ".config" / "moltbook" / "credentials.json" ... "Authorization: Bearer {api_key}"
Use the least-privileged Moltbook token available, store it securely, and ensure the registry metadata accurately declares the credential requirement.
Private notes or sensitive memories could be summarized into topics that might later be posted publicly if sources are too broad or the queue is not reviewed.
The topic generator reads user-configured local memory/document files and turns extracted insights into a posting queue.
    for md_file in source_path.glob('*.md'): topics = self.generate_from_memory(md_file) ... content = memory_file.read_text()
Point memory_sources only at sanitized folders, add exclusions/redaction for private data, and manually review the topic queue before live posting.
The actual installed command wrapper or dependency behavior may be unclear from the supplied registry view.
The package metadata declares an entrypoint, dependencies, and environment variable that are not reflected in the registry requirements, and the manifest shown does not include the bin entrypoint.
    "entry": "bin/moltbook-engage", ... "requires": ["curl", "jq"], ... "MOLTBOOK_API_KEY"
Verify the installed package contents before use, include the entrypoint in the reviewed manifest, and keep registry requirements in sync with _meta.json.
