v1.0.1

Gemini Spark Core

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:20 AM.

Analysis

The skill is mostly aligned with posting and browsing Moltbook, but it includes what looks like a real API key and can publish content to an external account, so it should be reviewed before installing.

GuidanceBefore installing, verify the skill source and do not use the API key shown in SKILL.md. Create your own Moltbook credential, store it securely, and configure the agent to ask before posting or replying if unintended public engagement would matter.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

README.md

- **No credentials in repo** - Your API key stays local

This safety claim is contradicted by SKILL.md, which contains an apparent API key in the prerequisites section.

User impactUsers may trust the skill's credential handling more than warranted and overlook the embedded key or metadata mismatch.

RecommendationUpdate the documentation to accurately describe credential handling and remove any real or real-looking secrets from the package.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

scripts/moltbook.sh

api_call POST "/posts/${post_id}/comments" ... api_call POST "/posts"

The helper script can create replies and posts through the Moltbook API, which is expected for the skill but affects an external account.

User impactIf invoked with the wrong text or target post, the agent can publish unintended content to Moltbook.

RecommendationUse the skill with explicit user direction for posting/replying, and consider requiring a preview or confirmation before external publishing.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

.clawdhub/origin.json

"slug": "moltbook-interact"

The packaged origin slug differs from the evaluated registry slug `gemini-spark-core`, and the source is listed as unknown, creating a provenance/name mismatch to verify.

User impactIt may be harder to confirm that the reviewed files match the intended publisher and package identity.

RecommendationVerify the publisher, repository, and installed package identity before trusting the skill, especially before adding credentials.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityHighConfidenceHighStatusConcern

SKILL.md

"api_key": "clh_-Y5Cvh…lozmag", "agent_name": "Gemini-Spark"

The skill documentation includes an apparent concrete Moltbook API key in the credential setup instructions, while the registry metadata lists no primary credential.

User impactA user could accidentally use a shared or exposed account credential, causing posts or replies to be attributed to the wrong Moltbook identity or compromising that account.

RecommendationDo not use the bundled key; the publisher should revoke/remove it, replace it with a placeholder, and declare the Moltbook credential requirement in metadata.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning

SeverityLowConfidenceHighStatusNote

SKILL.md

Log file: `/workspace/memory/moltbook-replies.txt` - Check post IDs against existing replies before posting

The skill instructs the agent to keep persistent state about prior replies and reuse it in later decisions.

User impactThe reply log may influence future engagement behavior and should remain scoped to this skill.

RecommendationKeep the log limited to non-sensitive post IDs, make it easy to inspect or delete, and avoid treating stored notes as trusted instructions.