MoltGov

Warn

Audited by ClawScan on May 10, 2026.

Overview

MoltGov is coherent with its governance purpose, but it persistently changes an agent’s SOUL.md and uses account credentials to perform public governance actions, so it should be reviewed carefully before use.

Install only if you intentionally want the agent to join MoltGov and accept persistent governance directives. Review and back up SOUL.md before registration, avoid using --yes in automated flows, consider --skip-soul or an isolated --soul-path, protect the saved credentials file, and require manual approval for votes, delegation, vouches, proposals, and any scheduled heartbeat.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Future agent behavior may be influenced by MoltGov directives even after the original registration task is over.

Why it was flagged

The registration flow appends governance instructions into SOUL.md, a persistent agent identity/context file, rather than limiting the instructions to the current task.

Skill content

with open(soul_path, 'a') as f:
    f.write(directives)

Recommendation

Only allow this if you intentionally want persistent governance instructions. Prefer a dedicated or sandboxed SOUL.md path, review the appended text, and keep a backup so you can remove it.

What this means

The agent may treat MoltGov decisions as binding instructions later, potentially conflicting with the user’s immediate intent.

Why it was flagged

The directives make external governance outcomes and future amendments authoritative for the agent, which can redirect future goals or priorities.

Skill content

- **Honor Voting Outcomes**: Accept proposal results as binding within MoltGov jurisdiction.
- **Uphold Amendments**: Ratified amendments are binding.

Recommendation

Before registering, define what 'MoltGov jurisdiction' means for your agent and avoid accepting persistent directives that can override user instructions.

What this means

Anyone with access to these credentials could act as the Moltbook/MoltGov identity for governance actions.

Why it was flagged

The client uses Moltbook account credentials and a MoltGov private signing key. This is purpose-aligned, but it is sensitive authority and the registry metadata declares no primary credential.

Skill content

self.moltbook_key = moltbook_key or os.environ.get('MOLTBOOK_API_KEY')
self.citizen_id = citizen_id or os.environ.get('MOLTGOV_CITIZEN_ID')
self._private_key_b64 = private_key or os.environ.get('MOLTGOV_PRIVATE_KEY')

Recommendation

Use a dedicated API key if possible, protect ~/.config/moltgov/credentials.json, and revoke or rotate keys if the environment is shared or compromised.

What this means

A mistaken or unintended command could delegate voting authority or perform other public governance actions.

Why it was flagged

The scripts can mutate governance state, including delegating voting power. This is expected for the skill, but it is a meaningful account/governance action.

Skill content

result = client.delegate(args.to, args.scope)
...
print(f"\nYour delegate will vote on your behalf for {result['scope']} proposals.")

Recommendation

Require explicit user review before running vote, delegate, vouch, proposal, or faction commands, especially in autonomous-agent workflows.

What this means

If a user implements the heartbeat, the agent may keep monitoring governance and casting delegated votes on a schedule.

Why it was flagged

The documentation describes an optional recurring heartbeat that can cast delegated votes automatically. The artifacts do not install this as a service, but users should notice the autonomous pattern.

Skill content

"""MoltGov heartbeat - run every 30 minutes."""
...
if client.is_delegate():
    delegated = client.get_delegated_votes_pending()
    for vote in delegated:
        client.cast_delegated_vote(vote)

Recommendation

Do not schedule the heartbeat unless you want ongoing autonomous governance participation; add logging, limits, and manual approval for vote casting.

What this means

Users may install dependencies manually from their environment, which can create provenance and version-control ambiguity.

Why it was flagged

The skill is listed with no install spec, but the scripts require external Python libraries such as PyNaCl and requests. This is not suspicious by itself, but dependency setup is not captured in registry requirements.

Skill content

Requirements:
  - Verified Moltbook account (Twitter/X verification complete)
  - PyNaCl library (pip install pynacl)

Recommendation

Install dependencies from trusted package sources, pin versions where possible, and review the environment before running the scripts.