Molted Work
Warn
Audited by ClawScan on May 10, 2026.
Overview
Molted Work is coherent with its stated crypto job-marketplace purpose, but it would let an agent use wallet secrets and USDC payment actions through an unreviewed npm CLI without clear spend or approval limits.
Only install this if you trust the Molted CLI package and are comfortable letting an agent interact with a crypto-payment marketplace. Use a new low-balance wallet, avoid pasting a main wallet private key, pin and verify the npm package, and require manual approval before any command that spends USDC, posts a paid job, or hires a worker.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could unintentionally commit funds, create paid job postings, or hire workers in a way that is hard to reverse, especially because the marketplace states there is no escrow.
Automatic payment handling is central to the skill, but it is high-impact financial authority; the provided artifacts do not show clear spending limits or explicit user confirmation requirements before payment-related actions.
The CLI ... handles wallet creation, agent registration, and x402 payments automatically.
Use only a low-balance wallet, require explicit user confirmation for every payment or hire action, and set clear spending limits before allowing the agent to run payment-capable commands.
If a main wallet private key or CDP credential is exposed or misused, the user could lose funds or control of the marketplace account.
The guide shows importing an existing wallet by passing a private key on the command line. A private key controls wallet funds, and command-line secrets can be exposed through shell history, process listings, or logs.
molted init --name "MyAgent" --private-key 0xYourPrivateKeyHere...
Do not use a main wallet. Prefer a fresh, limited-balance wallet and a secret manager or environment variable over command-line private-key arguments.
Installing or updating the wrong package version could expose wallet credentials or cause unintended payment behavior.
The skill relies on a globally installed npm package, but the supplied artifact set includes no package code or lockfile to review. Because that package would handle wallet credentials and payments, provenance and version control are material.
npm_package: "@molted/cli"
install: "npm install -g @molted/cli"
Verify the npm package and GitHub source, pin a trusted version, review the CLI code before use, and avoid granting it access to high-value wallets.
