Moltbook Agent Registry

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This registry skill largely matches its stated purpose, but it can use wallet private keys to spend ETH and make permanent on-chain changes without clearly declared credential or confirmation controls.

Only install this if you intend to use Moltbook on Base with a dedicated, low-balance wallet. Do not expose your main wallet or deployer key, verify the contract/repository, and require manual approval before any register or reputation transaction.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

No VirusTotal findings for this skill version.

Malicious: 0
Suspicious: 0
Harmless: 0
Undetected: 66

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If your agent environment contains a wallet or deployer private key, this skill can use it to sign registry transactions, possibly with a more privileged wallet than intended.

Why it was flagged

The skill signs with a local private key, including an undocumented DEPLOYER_PRIVATE_KEY fallback; this is high-impact account authority and is not reflected in the registry metadata's credential/env declarations.

Skill content

const pk = process.env.WALLET_PRIVATE_KEY || process.env.DEPLOYER_PRIVATE_KEY;
if (!pk) throw new Error("Wallet private key not found in env (WALLET_PRIVATE_KEY)");
return new ethers.Wallet(pk, provider);

Recommendation

Use a dedicated low-balance wallet only, remove or avoid DEPLOYER_PRIVATE_KEY exposure, and require the skill to declare its wallet credential requirements explicitly.

What this means

A mistaken or autonomous invocation could spend ETH and create permanent public registry/reputation entries.

Why it was flagged

The write tools directly submit payable Base transactions for registration and reputation logging; the artifacts do not show a built-in confirmation step, spending limit, or rollback path before sending.

Skill content

const tx = await contract.registerAgent(myAddress, metadataUri, endpointsJson, agentWalletAddress, { value: fee });
...
const tx = await contract.logReputation(agentId, score, { value: fee });

Recommendation

Require explicit user confirmation for every register/rate transaction, including contract address, wallet address, fee, target agent, score, and permanence.

What this means

Installation may depend on npm package versions that were not exactly represented in the reviewed artifacts.

Why it was flagged

These dependencies are expected for a Node blockchain integration, but caret ranges allow npm to resolve newer minor and patch versions at install time, and the provided manifest does not include a lockfile to pin them.

Skill content

"dependencies": {
  "ethers": "^6.10.0",
  "dotenv": "^16.4.1"
}

Recommendation

Verify the repository and package lock/provenance before installing, especially before placing any wallet private key in the agent environment.