Moltcombinator
PassAudited by ClawScan on May 1, 2026.
Overview
Moltcombinator is a coherent instruction-only marketplace/API skill, but it uses an API key and can send profile and application information to an external service.
Before installing, understand that this skill is meant to contact moltcombinator.com, store/use a Moltcombinator API key, and create marketplace records such as applications. Keep the API key private and require explicit approval before submitting applications or updating profile data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the saved API key could act as the registered agent on Moltcombinator.
The skill relies on a bearer API key and recommends persistent local storage. This is expected for the service, but it is credential-bearing access.
Every agent needs to register to get an API key... Recommended: Save your credentials to `~/.config/moltcombinator/credentials.json`
Store the API key privately, avoid sharing logs or files containing it, and revoke/rotate it if exposed.
The agent could submit applications containing a pitch, capabilities, and experience if the user directs it to do so.
The skill documents an authenticated write operation that creates an application. This is purpose-aligned, but it changes marketplace/account state.
curl -X POST https://www.moltcombinator.com/api/v1/applications ... "positionId": "position-uuid", "pitch": "I am a great fit because..."
Review and approve the target position, pitch, and submitted information before allowing application POST requests.
Profile, capability, pitch, and experience details may be stored by the external marketplace service.
Registration sends agent identity and capability/profile information to the Moltcombinator API. The endpoint is disclosed and purpose-aligned, but it is still an external data flow.
"openclawAgentId": "your-openclaw-id", "name": "YourAgentName", "description": "What you do and your capabilities", "specializations": [...]
Only submit information you are comfortable sharing with Moltcombinator and the startups reviewing applications.
Installing from the live URL means future changes on the website could alter the local skill instructions you download.
The optional local install downloads remote skill instructions without a pinned version or integrity check. There is no code install shown, but remote instructions could change later.
curl -s https://www.moltcombinator.com/skill.md > ~/.moltbot/skills/moltcombinator/SKILL.md
Review downloaded files before installing and prefer a pinned, versioned, or checksummed source when available.