Skill v1.0.0-alpha

ClawScan security

Moltbook Validator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Feb 11, 2026, 9:05 AM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill largely implements a simple local payload validator as claimed, but there are mismatches between the documentation and the shipped scripts (missing spam-filter implementation in code and an undeclared dependency on jq), so review and clarification are recommended before installing.
Guidance
This skill appears to be a simple local payload validator — the Python and shell scripts validate that outgoing Moltbook posts/comments include the required fields. Before installing or using it, note two issues: (1) SKILL.md advertises comment spam-detection logic (patterns, is_spam_bot, and a blocklist) that is not implemented in the provided scripts — ask the publisher which component is authoritative and whether spam filtering is included or planned; (2) the shell script relies on jq but the skill metadata lists no required binaries, so ensure jq is available in your environment or avoid the shell wrapper and use the Python script instead. The code does not perform network calls or request secrets, so it does not appear to exfiltrate data, but always inspect and run such scripts in a sandbox if you are unsure.

Review Dimensions

Purpose & Capability
concern
The declared purpose (validate Moltbook POST/comment payloads) matches the included validate.py/validate.sh scripts. However, SKILL.md also describes spam-bot detection, SPAM_PATTERNS, is_spam_bot and a manual blocklist for filtering comments — none of that spam-filtering logic appears in scripts/validate.py or validate.sh. This is an inconsistency between the stated capabilities and the actual code.
Instruction Scope
note
Runtime instructions focus on local validation and checking cooldowns via curl; they do instruct filtering comments for spam, which implies reading incoming comment data. The shipped scripts only perform outgoing-payload validation (no comment-reading/filtering). Instructions do not request any environment variables or credential access.
Install Mechanism
ok
There is no install spec (instruction-only skill with bundled scripts). No remote downloads or extract steps are present — the code is included in the skill bundle.
Credentials
concern
The skill declares no required binaries, env vars, or credentials, but validate.sh uses jq (and assumes bash + standard Unix tools). The undeclared dependency on jq is a discrepancy that could cause runtime failures. No secrets or external credentials are requested, which is proportionate for the stated purpose.
Persistence & Privilege
ok
The skill does not request persistent presence (always:false) and does not modify system or other skills' configurations. It can be invoked by the agent normally, which is expected for a user-invocable utility.