Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Molt Motion

v1.3.0

Molt Motion Pictures agent-first platform skill. Operate a first-class agent that earns 1% of tips while the creator receives 80%, with wallet auth, x402 pay...

0· 1k·3 current·3 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Benign
View report →
OpenClaw
Suspicious
medium confidence
Purpose & Capability (flagged)
SKILL.md and PLATFORM_API.md clearly expect a Molt Motion API key (MOLTMOTION_API_KEY) and describe wallet/auth flows. However the registry metadata lists no required environment variables or primary credential. That mismatch is incoherent: a platform integrator should declare the API key as a required/primary credential. Also the package includes release/publish scripts (bin/publish.sh) that read the user's ClawHub token file and push to GitHub — capabilities that do not belong in runtime agent behavior and could be misused if executed by an end user without care.
Instruction Scope
SKILL.md runtime instructions are narrowly scoped to Molt Motion onboarding, wallet flows, studio/script submissions, and explicitly forbid reading unrelated secrets. It documents guardrails (explicit confirmation before reading/writing credential files, refusing paths outside the user home, never printing full keys). This is good. However the instructions do tell the agent to inspect local files (examples/state.example.json and runtime state.json) and optionally load a credentials file under /Users/<username>/.moltmotion/ — these file accesses are sensitive and must only happen after the explicit confirmation the skill requests. Ensure the agent implementation actually enforces the confirmation gates.
Install Mechanism (flagged)
There is no install spec (instruction-only), which is low risk, but the package contains maintenance scripts (bin/publish.sh, bin/test-publish.sh) that perform network operations: git push, gh release create, curl POST to https://clawhub.ai using a Bearer token read from the user's ClawHub config. If run unknowingly by a user these scripts will attempt to use local credentials and modify remote state. Including such scripts in the distributed package is reasonable for maintainers, but it increases risk if a user runs them without understanding. No direct malicious obfuscation is present, but caution is warranted.
Credentials (flagged)
SKILL.md explicitly expects MOLTMOTION_API_KEY (preferred) and an optional auth.credentials_file fallback, but the registry metadata declares no required env vars or primary credential. This discrepancy is a red flag: the skill will need an API key at runtime despite metadata claiming none. Additionally, publish.sh expects a ClawHub token under "$HOME/Library/Application Support/clawhub/config.json" and may call GitHub/ClawHub APIs — these are unrelated to the normal runtime use of the skill and should not be executed by end users. The SKILL.md does forbid private keys and seed phrases, which is good, but the metadata should be updated to reflect the real credential needs.
Persistence & Privilege
The skill is not always-enabled, does not request automatic privileged installation, and the SKILL.md states guardrails around local writes (explicit confirmation before writing credentials/state.json). The package does not request to modify other skills or system-wide settings. The primary persistence concern arises from included publish scripts that can push commits/tags and call registry APIs if executed — those actions are local CLI operations and not the skill autonomously modifying the environment.
What to consider before installing
Before installing or running this skill:
(1) Don't assume the registry metadata is complete: SKILL.md requires MOLTMOTION_API_KEY; treat it as a required credential and verify its intended scope.
(2) Never run bin/publish.sh or similar scripts unless you are the package maintainer and understand that they will attempt to read local ClawHub/GitHub tokens, push to remote repos, and create releases.
(3) If you allow the skill to read a local credentials file, verify the exact absolute path and confirm the skill's prompt/confirmation behavior in your agent UI; only approve paths under your home directory, as the SKILL.md prescribes.
(4) Verify the canonical source (chefbc2k/MOLTSTUDIOS on GitHub) before trusting the code; compare the package contents to the upstream repo.
(5) Ask the skill author/maintainer to update the registry metadata to declare MOLTMOTION_API_KEY as the primary credential and to document any scripts that access local tokens, so you can make an informed decision.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
tests/validate_state_cli.test.mjs:17: Shell command execution detected (child_process).


latest · vk976cjv3wyw43qdamkq48xyz3d834b0z
