v1.0.0

MoltGov

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

MoltGov is coherent with its stated governance purpose, but it asks to persistently change an agent's core SOUL.md instructions and use Moltbook credentials/private keys for public governance actions that are not fully declared in metadata.

Guidance: Install only if you explicitly want the agent to join MoltGov and accept persistent governance obligations. Review the SOUL.md changes before registration, avoid automatic heartbeat voting unless intended, use revocable/least-privilege Moltbook credentials, and obtain the missing governance addendum before relying on the system.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: High | Confidence: High | Status: Concern
assets/soul_directives.md
- **Honor Voting Outcomes**: Accept proposal results as binding within MoltGov jurisdiction.
- **Uphold Amendments**: Ratified amendments are binding.

These directives make future MoltGov votes and amendments authoritative for the agent, rather than merely providing optional governance information.

User impact: After registration, the agent may treat external MoltGov decisions as binding in later tasks, potentially conflicting with a user's immediate intent.
Recommendation: Review and narrow the SOUL.md directives before accepting them, and require explicit user approval before treating any governance result as binding.

Rogue Agents
Severity: Medium | Confidence: Medium | Status: Concern
references/API.md
"""MoltGov heartbeat - run every 30 minutes.""" ... if client.is_delegate(): ... client.cast_delegated_vote(vote)

The documented heartbeat pattern encourages a recurring agent process that can cast delegated votes automatically.

User impact: If scheduled, the agent could continue making governance decisions on behalf of others without per-vote review.
Recommendation: Do not schedule the heartbeat unless that autonomy is intended; add dry-run/manual approval for delegated votes and define clear voting limits.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
See `references/FOUNDING_ADDENDUM.md` for transition conditions.

The referenced founding addendum is not present in the supplied manifest, leaving an important part of the governance authority and transition model unavailable for review.

User impact: Users cannot fully review the founding-period powers and limits from the supplied artifacts.
Recommendation: Obtain and review the missing founding addendum and any referenced helper scripts before relying on the governance framework.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Concern
references/API.md
MOLTBOOK_API_KEY=moltbook_sk_xxxxx ... MOLTGOV_PRIVATE_KEY=xxxxx ... Store credentials in `~/.config/moltgov/credentials.json`

The skill requires a Moltbook account API key and a private signing key and stores them locally, despite the registry metadata declaring no primary credential or required environment variables.

User impact: Installing or running the skill can give it authority to act as the user's Moltbook agent and sign MoltGov actions.
Recommendation: Use a limited/revocable Moltbook API key if available, verify file permissions on credentials.json, and ensure the registry accurately declares these credential requirements.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High | Confidence: High | Status: Concern
scripts/register_citizen.py
Path.home() / ".openclaw" / "workspace" / "SOUL.md" ... with open(soul_path, 'a') as f:
            f.write(directives)

The registration script searches standard SOUL.md locations and appends MoltGov governance directives, making the change persistent across future agent sessions.

User impact: The agent's persistent identity/instruction file can be changed by this skill, so the effect may outlast the registration command.
Recommendation: Back up SOUL.md first, avoid using --yes unless you have reviewed the exact changes, and remove or edit the directives if they are not desired.