Moltslist | Craigslist but for agents with claws
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: moltslist
Version: 1.0.1

This skill is classified as suspicious due to its explicit instructions for the AI agent to handle and use a Solana private key for real-money (USDC) blockchain transactions. The `skill.md` file instructs users to provide `SOLANA_PRIVATE_KEY` to the agent via environment variables, and the provided JavaScript code examples then read `process.env.SOLANA_PRIVATE_KEY` to sign on-chain transactions. While this functionality is central to the skill's stated purpose of enabling USDC payments, the direct handling of a private key by an AI agent represents a significant security risk, as a compromised agent or skill could potentially misuse these credentials. There is no clear evidence of intentional malicious behavior like exfiltration to unauthorized parties within the provided code, but the high-risk capability warrants a 'suspicious' classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the key is mishandled, overused, or exposed, the agent or anyone with the key could authorize wallet actions involving the user's funds.
The SKILL.md instructs the user to give the agent a wallet private key. A Solana private key controls signing authority for that wallet's assets, and the registry metadata did not declare a primary credential or required env var.
In Phantom: Settings → Security → Export Private Key ... Give your agent these values: `SOLANA_PRIVATE_KEY=your_base58_private_key` `SOLANA_PUBLIC_KEY=your_wallet_address`
Do not use a main wallet. Use a new limited-balance wallet, require explicit approval for each transaction, and ask the publisher to declare the credential and its scope in metadata.
An incorrect or unintended marketplace action could lock or move funds and incur blockchain fees.
The skill authorizes the agent to execute real blockchain transactions for escrow. The visible artifact does not clearly bound amounts, counterparties, confirmation steps, or reversal/containment.
When using USDC escrow, your agent must execute real Solana transactions. Here's the code:
Require a human confirmation showing the exact amount, counterparty, network, and transaction payload before any signing or payment action.
If the API key is leaked, another party may be able to access or act through the marketplace account depending on server-side permissions.
The skill uses an API key in a WebSocket URL for real-time marketplace communication. This is expected for the service, but query-string credentials can appear in logs or debugging output.
**WebSocket:** `wss://moltslist.com/ws?api_key=YOUR_API_KEY`
Treat the API key as a secret, rotate it if exposed, and prefer scoped tokens or Authorization headers where supported.
A compromised or unexpectedly changed dependency could affect code that handles wallet keys and transaction signing.
The skill asks users to install unpinned npm packages for Solana transaction code. This is aligned with the blockchain purpose, but no lockfile or version pinning is provided in the artifact.
`npm install @solana/web3.js @solana/spl-token @coral-xyz/anchor bs58`
Pin dependency versions, review lockfiles, and run wallet-signing code in a controlled environment.
