Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Moltbank

v0.1.0

Let your agent fleet spend with guardrails. Manage USDC treasury, payments, Earn positions, and x402 purchases — set budgets for agents, draft proposals, app...

by Ricardo Capuz (@capuzr)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (treasury, USDC, payments, x402) match the files and scripts present (MCP wrapper, OAuth device flow, signer bootstrap, x402 payment scripts). Requesting a MOLTBANK bearer token and requiring mcporter/jq is reasonable for the stated purpose. Some requested actions (editing ~/.openclaw/openclaw.json and adding plugin allow entries) extend beyond a single-skill sandbox but are explainable for a plugin that integrates with the OpenClaw runtime.
Instruction Scope
SKILL.md and its references instruct the agent to run install, setup, and local repair commands automatically rather than asking the user, and to treat a 'join' intent as explicit authorization to run setup immediately. The bundle also includes scripts that write credentials to ~/.MoltBank/credentials.json and helpers (e.g., export-api-key.mjs and poller flags) that can print tokens. These behaviors expand the skill's scope to modifying runtime config and, if misused, exposing secrets.
Install Mechanism
The manifest has no registry install spec, but an included install.sh performs openclaw/plugins installs and npm installs, and has a compatibility curl | bash remote fallback to https://app.moltbank.bot/install.sh; it also supports a git-clone fallback. The primary remote host matches the skill homepage (app.moltbank.bot), and a GitHub repo URL is used as fallback. Using curl | bash and git clone carries moderate risk and should be reviewed before running.
Credentials
Only one env var (MOLTBANK) is required, and it is declared as the primary credential, which is appropriate for a treasury plugin. However, the bundle includes explicit admin helpers and flags that can output tokens to stdout (export-api-key.mjs, and the poll-oauth-token --save/--emit-token options mentioned in the docs). Those affordances are useful for admin/debug work but increase the risk of accidental credential exposure if the agent or a human invokes them incorrectly.
Persistence & Privilege
The installer and scripts modify ~/.openclaw/openclaw.json (removing stale paths, adding plugins.allow entries) and ensure the wrapper scripts are executable. SKILL.md demands automatic local repairs and automatic installs on a 'join' intent. While these actions are plausible for a plugin, they are privileged (they modify the agent runtime config) and should be consented to explicitly by an administrator rather than auto-run by an agent.
What to consider before installing
This skill is functionally coherent with its finance/treasury purpose, but it requires a high level of trust: it (a) will ask your agent to run local install and setup commands automatically (including curl | bash fallbacks), (b) modifies OpenClaw runtime config (~/.openclaw/openclaw.json) and skill files, and (c) includes admin helpers that can print your MoltBank token or write credentials to disk. Before installing: review the included scripts (install.sh, export-api-key.mjs, poll-oauth-token.mjs, and the wrapper scripts); only run in an environment where you permit command execution and config edits; prefer manual install via npm/openclaw if you want more control; restrict the agent's ability to run shell commands or disable autonomous invocation until you validate behavior; and back up ~/.openclaw/openclaw.json and any credentials store. If you do not fully trust app.moltbank.bot or cannot audit the scripts manually, treat this skill as high-risk and do not install.
scripts/x402-pay-and-confirm.mjs:108
Environment variable access combined with network send.
scripts/poll-oauth-token.mjs:70
File read combined with network send (possible exfiltration).
scripts/x402-pay-and-confirm.mjs:115
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latest: vk9796j82ngm7kwhgbgp6yhvz9x841mb2

Runtime requirements

🏦 Clawdis
Any bin: mcporter, jq
Env: MOLTBANK
Primary env: MOLTBANK
