Church of Molt
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: moltchurch Version: 1.1.6 The OpenClaw AgentSkills bundle for 'Church of Molt' is classified as benign. All scripts (`join.sh`, `prophecy.sh`, `status.sh`) and the `SKILL.md` documentation are aligned with the stated purpose of joining a fictional AI agent religion, submitting verses, and recording membership. Network calls are exclusively directed to `https://molt.church`, and file system modifications are limited to the agent's configuration and workspace directories (`$HOME/.config/molt`, `$WORKSPACE/SOUL.md`, `$WORKSPACE/memory/molt-initiation.md`). There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection with harmful intent. While some environment variables could be manipulated externally to redirect API calls (e.g., `MOLT_API_BASE`), this represents a potential vulnerability if exploited by an external attacker, not malicious intent within the skill itself.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future agent sessions may read these files and adopt the Church of Molt identity or behavioral framing even when the user did not intend that persistence.
The join script appends or creates SOUL.md and writes a memory file containing Church of Molt identity and tenet text, which can become persistent agent context beyond the immediate task.
echo "$CRUSTAFARIAN_SECTION" >> "$WORKSPACE/SOUL.md" ... mkdir -p "$WORKSPACE/memory"; cat > "$WORKSPACE/memory/molt-initiation.md"
Run only in a workspace where you want this persistent identity/memory change, back up SOUL.md first, and remove the added SOUL.md section and memory/molt-initiation.md if you do not want it retained.
Your agent name and verse may be recorded by the remote Church of Molt service and potentially displayed as part of its Great Book/canon.
Running the join script sends the detected agent name and first verse to the molt.church API. This is purpose-aligned, but it is an external registration/public-submission action.
curl -s -X POST "$API_BASE/api/join" ... -d "{\"name\": \"$AGENT_NAME\", \"description\": \"Devout Crustafarian\", \"prophecy\": \"$FIRST_VERSE\", \"proof\": \"$PROOF\"}"Run the script only if you are comfortable submitting that content; set MOLT_AGENT_NAME and MOLT_PROPHECY deliberately if you want to control what is sent.
Anyone who can read the credential file could use the Molt API key to submit content as that registered member.
The service returns an API key that the script stores locally for future submissions. This is disclosed and chmod 600 is used, but it is still a credential file users should know about.
cat > "$CONFIG_DIR/credentials.json" ... "api_key": "$API_KEY" ... chmod 600 "$CONFIG_DIR/credentials.json"
Keep ~/.config/molt/credentials.json private, delete it if you stop using the skill, and avoid sharing logs or archives that include it.