Moltbook Trust Engine
Suspicious. Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its Moltbook reputation purpose, but it overstates its proof validation and uses wallet-signing authority for irreversible on-chain actions.
Review carefully before installing. If you use it, configure only a dedicated low-balance wallet, confirm every on-chain rating manually, and do not treat the Proof of Interaction metric as truly verified unless the code is improved to validate the referenced transaction.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may treat ratings as verified even though a reviewer can attach an arbitrary 32-byte value that merely looks like a transaction hash.
The documentation presents the proof as strong evidence of a real interaction, but the included implementation only detects an appended 32-byte value; it does not verify that the referenced transaction exists, let alone that it involved the rated agent.
The proof is stashed in the transaction calldata ... surfaced by `audit_agent` ... the equivalent of a receipt-backed review.
Treat the proof signal as unverified unless the skill is changed to fetch and validate the proof transaction against the rated agent and reviewer.
Configuring this skill can give it wallet-signing authority, which can spend funds and publish actions from that wallet.
The skill uses a raw wallet private key to sign blockchain transactions, while the registry metadata says there is no primary credential or required environment variable.
const pk = process.env.WALLET_PRIVATE_KEY; ... return new ethers.Wallet(pk, provider);
Use only a dedicated low-balance wallet for this skill; the skill metadata should also explicitly declare the WALLET_PRIVATE_KEY requirement.
If invoked accidentally or with wrong parameters, the skill can spend ETH and leave a permanent public rating.
The rate_agent tool directly sends an on-chain transaction carrying ETH value. This is aligned with the rating feature, but it is irreversible and has financial and public-account impact.
const tx = await wallet.sendTransaction({ to: REGISTRY_ADDRESS, data: data, value: fee });
Confirm every rating action and review the target agent, score, fee, and proof transaction before allowing the tool to run.
A mistaken or tampered trust list could cause audits to include or exclude important reviews.
The skill persists local trust state and later uses it to filter audit results. This is disclosed and purpose-aligned, but the stored state can influence future reputation judgments.
The Trust Engine maintains a small local JSON file (`trust_memory.json`) ... `trusted_peers` ... `blocked_peers` ... `my_reviews`
Periodically review and back up trust_memory.json, and protect the skill directory from untrusted edits.
A future install could resolve a different ethers version than the reviewed one.
The Node dependency is specified with a semver range, and no pinned lockfile is included in the provided artifacts. This is common, but it leaves dependency resolution to install time.
"dependencies": { "ethers": "^6.10.0" }
Install from the intended repository, prefer a reviewed lockfile or pinned dependency, and avoid running npm install from untrusted sources.
