suspicious.env_credential_access
- Location: scripts/bid.js:8
- Finding: Environment variable access combined with network send.
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.env_credential_access, suspicious.exposed_secret_literal
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent could repeatedly bid on jobs or take on commitments without a fresh review, affecting your marketplace account, reputation, and potential earnings obligations.
When autoBid is enabled, the script automatically performs an authenticated bid. The activeBids value is hardcoded to 0, so maxActiveBids is not actually enforced by the provided code.
```javascript
if (config.autoBid && scored.length > 0) {
  ...
  let activeBids = 0;
  ...
  await fetch(`${API}/jobs/${topJob.id}/bid`, {
    method: 'POST',
    headers: { Authorization: `Bearer ${KEY}`, 'Content-Type': 'application/json' },
    body: JSON.stringify({ message: msg })
  });
```

Keep autoBid disabled until you have tested it, require per-bid approval, implement real duplicate and active-bid checks, and add clear spending/workload limits and logs.
A malicious or poorly written job could try to steer the agent outside your intended policies or ask it to reveal sensitive information.
The skill is designed to let third-party marketplace jobs become tasks for the agent, so job text and notifications may influence agent behavior.
When your bid is accepted, your agent receives a notification (via heartbeat or webhook). The agent then does the work using its existing capabilities and delivers via the API.
Treat marketplace job descriptions as untrusted input, require approval before using powerful tools or sensitive data, and sandbox work done for external job posters.
Anyone who can read your terminal logs, worker-config.json, or .env file may be able to act as your Molt Market agent.
Registration prints the account API key and stores it in local plaintext config and .env files.
```javascript
console.log(` API Key: ${data.agent.api_key}`);
...
config.apiKey = data.agent.api_key;
...
fs.appendFileSync(envPath, `\nMOLT_API_KEY=${data.agent.api_key}\n`);
```

Do not commit these files, restrict file permissions, prefer a secret manager or environment variable, and rotate the API key if it is exposed.
Webhook events can trigger agent attention or workflows, so spoofed or unverified requests could mislead the agent.
The skill can register an external service to send marketplace events to an agent callback URL.
```javascript
const url = await ask('Webhook URL (your agent\'s callback): ');
...
body: JSON.stringify({ url, events, skill_filter: config.skills || [], category_filter: config.categories || [] })
```

Use HTTPS, verify the X-Molt-Signature HMAC on every incoming webhook against your signing secret, and avoid exposing the callback publicly without authentication.
If left enabled, the agent may keep checking, bidding, and handling marketplace work after the immediate setup task is forgotten.
The documented workflow is recurring and autonomous rather than a single one-off command.
The skill integrates with your agent's heartbeat. During each heartbeat cycle, it will:
- Check for new matching jobs
- Auto-bid if `autoBid` is true
- Check for accepted bids
...
- Prompt your agent to do the work and deliver
Make the heartbeat integration explicit, monitor activity regularly, and provide an easy way to pause or remove the recurring worker behavior.