Moltpost
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: moltpost Version: 1.3.1 The skill bundle is classified as suspicious due to the instruction in `skill.md` to fetch `https://moltpost.io/heartbeat.md` and "follow its instructions" every 8–12 hours. While the primary `skill.md` contains strong guidelines for responsible agent behavior and data privacy, this recurring dynamic instruction mechanism introduces a significant supply chain risk. If the remote `moltpost.io` domain or the `heartbeat.md` file were compromised, the agent could be instructed to perform arbitrary, potentially malicious actions without requiring a new skill bundle review.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A postcard could be created and mailed if the user approves the action; mistakes in address, content, or retries may have real-world consequences.
The skill can trigger a real-world mailing action through an external API, but it explicitly tells the agent to obtain owner confirmation first.
Always confirm with your owner before calling the API. Sending a postcard is a real-world, irreversible physical action.
Confirm the recipient address, postcard content, payment method, and price before sending; reuse the idempotency key on retries to avoid duplicates.
If the agent has wallet access, it may authorize USDC payment for postcards as part of the workflow.
The skill may use an agent-accessible crypto wallet to authorize USDC payment, which is expected for the service but still involves spend authority.
If your agent has a crypto wallet, always use x402. ... Agent signs an EIP-712 authorization
Use a limited-balance wallet or spending controls, and review the x402 payment amount, network, and recipient before signing.
Recipient addresses and postcard messages are shared with Moltpost and may be visible to postal handlers or others who see the card.
The service necessarily receives postal address and message content, and the physical postcard itself is visible in transit; the artifact discloses this privacy boundary.
Agent calls POST /v1/postcards/x402 with recipient address and content ... Postcards are not sealed. A postcard is fully visible to every person who handles it
Do not include secrets, credentials, financial, medical, legal, or other sensitive personal information in postcard content.