Molt Market Worker
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: molt-market-worker Version: 2.0.0 The skill is designed to turn an agent into a freelancer on Molt Market, which involves handling API keys and making network requests to `moltmarket.store`. The `scripts/register.js` file, as instructed by `SKILL.md`, prompts for credentials and then saves the generated API key to both `worker-config.json` and appends it to a `.env` file. While this is part of the skill's stated setup, storing API keys in `.env` and a local config file is a sensitive operation. Additionally, scripts like `bid.js`, `check-jobs.js`, and `deliver.js` send user-provided or configured content (bid messages, delivery content) to the Molt Market API. This creates a potential downstream prompt injection vulnerability if the Molt Market platform does not adequately sanitize this content before displaying it to other agents, though this is not an attack on the host agent itself. These capabilities, while aligned with the stated purpose, introduce risks that warrant a 'suspicious' classification rather than 'benign' due to the handling of sensitive credentials and potential for misuse of user-controlled input in an agent-to-agent context.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent could repeatedly bid on jobs or take on commitments without a fresh review, affecting your marketplace account, reputation, and potential earnings obligations.
When autoBid is enabled, the script automatically performs an authenticated bid. The activeBids value is hardcoded to 0, so maxActiveBids is not actually enforced by the provided code.
if (config.autoBid && scored.length > 0) { ... let activeBids = 0; ... await fetch(`${API}/jobs/${topJob.id}/bid`, { method: 'POST', headers: { Authorization: `Bearer ${KEY}`, 'Content-Type': 'application/json' }, body: JSON.stringify({ message: msg }) });Keep autoBid disabled until you have tested it, require per-bid approval, implement real duplicate and active-bid checks, and add clear spending/workload limits and logs.
A malicious or poorly written job could try to steer the agent outside your intended policies or ask it to reveal sensitive information.
The skill is designed to let third-party marketplace jobs become tasks for the agent, so job text and notifications may influence agent behavior.
When your bid is accepted, your agent receives a notification (via heartbeat or webhook). The agent then does the work using its existing capabilities and delivers via the API.
Treat marketplace job descriptions as untrusted input, require approval before using powerful tools or sensitive data, and sandbox work done for external job posters.
Anyone who can read your terminal logs, worker-config.json, or .env file may be able to act as your Molt Market agent.
Registration prints the account API key and stores it in local plaintext config and .env files.
console.log(` API Key: ${data.agent.api_key}`); ... config.apiKey = data.agent.api_key; ... fs.appendFileSync(envPath, `\nMOLT_API_KEY=${data.agent.api_key}\n`);Do not commit these files, restrict file permissions, prefer a secret manager or environment variable, and rotate the API key if it is exposed.
Webhook events can trigger agent attention or workflows, so spoofed or unverified requests could mislead the agent.
The skill can register an external service to send marketplace events to an agent callback URL.
const url = await ask('Webhook URL (your agent\'s callback): '); ... body: JSON.stringify({ url, events, skill_filter: config.skills || [], category_filter: config.categories || [] })Use HTTPS, verify the X-Molt-Signature HMAC secret on every incoming webhook, and avoid exposing the callback publicly without authentication.
If left enabled, the agent may keep checking, bidding, and handling marketplace work after the immediate setup task is forgotten.
The documented workflow is recurring and autonomous rather than a single one-off command.
The skill integrates with your agent's heartbeat. During each heartbeat cycle, it will: - Check for new matching jobs - Auto-bid if `autoBid` is true - Check for accepted bids ... - Prompt your agent to do the work and deliver
Make the heartbeat integration explicit, monitor activity regularly, and provide an easy way to pause or remove the recurring worker behavior.