Moltbook Agent Registry

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill's code is consistent with its stated purpose as a blockchain registry client, but it reads a raw wallet private key from the environment and can submit paid, irreversible on-chain transactions without declaring that credential requirement in its metadata or gating the transactions behind user approval.

Install only if you trust the publisher, repository, and contract address. Use a dedicated low-balance Base wallet, never a deployer or main wallet key, and require manual review before any register or reputation transaction because the resulting records and fees are public and persistent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If configured with a real wallet or deployer key, the skill can act as that wallet and spend funds for registry actions.

Why it was flagged

The skill loads a raw private key from the agent environment, including a DEPLOYER_PRIVATE_KEY fallback, to sign transactions. This sensitive credential use is not declared in the supplied requirements metadata.

Skill content
const pk = process.env.WALLET_PRIVATE_KEY || process.env.DEPLOYER_PRIVATE_KEY; ... return new ethers.Wallet(pk, provider);
Recommendation

Use only a dedicated low-balance wallet, avoid deployer or high-value keys, and require the skill metadata to declare wallet credentials and env vars clearly.

What this means

An agent invocation could spend ETH and publish identity or reputation changes on-chain.

Why it was flagged

The register and rate functions directly send payable transactions to a hardcoded contract and wait for confirmation. The artifacts do not show a user confirmation gate before these irreversible actions.

Skill content
const tx = await contract.registerAgent(..., { value: fee }); ... const tx = await contract.logReputation(agentId, score, { value: fee });
Recommendation

Require explicit user approval showing the contract address, fee, gas estimate, agent ID, score, and endpoint data before any transaction is signed.
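The two findings above (undeclared raw-key loading with a deployer fallback, and payable transactions with no approval gate) can be handled in one layer. What follows is an added example, not code from the audited skill or from Moltbook: it loads the key only from the declared env var, refuses to run at all if a deployer key is present in the process environment, and routes every payable call through a policy check and an explicit approval step that shows the contract address, fee, gas estimate, agent ID, score and endpoint before anything is signed. The registry address, fee cap, intent fields, and the approve/send callbacks are assumptions for illustration; in a real skill `send` would wrap the ethers contract call.

```javascript
// Added example, not the audited skill's code. Hardened credential loading and
// transaction approval for an ethers-style registry skill. The contract address,
// fee cap and intent shape are assumptions for illustration.

// Allowlisted registry address and per-transaction fee cap (placeholder policy;
// the real address must be verified through an independent Moltbook source).
const REGISTRY_CONTRACT = "0x1111111111111111111111111111111111111111";
const MAX_FEE_WEI = 1_000_000_000_000_000n; // 0.001 ETH

// Load the signing key from the single env var the skill metadata declares.
// There is deliberately no DEPLOYER_PRIVATE_KEY fallback: if a deployer key is
// present in the environment at all, refuse to run rather than risk using it.
function loadDeclaredKey(env) {
  if (env.DEPLOYER_PRIVATE_KEY !== undefined) {
    throw new Error("DEPLOYER_PRIVATE_KEY is set; run this skill with a dedicated low-balance wallet instead");
  }
  const pk = env.WALLET_PRIVATE_KEY;
  if (typeof pk !== "string" || !/^0x[0-9a-fA-F]{64}$/.test(pk)) {
    throw new Error("WALLET_PRIVATE_KEY must be a 0x-prefixed 32-byte hex key");
  }
  return pk; // in the real skill this would feed new ethers.Wallet(pk, provider)
}

// A transaction intent describes what the agent wants to do before anything is
// signed: { method, to, feeWei, gasEstimate, agentId, score, endpoint }.
// Policy checks run first; any failure blocks the send without asking the user.
function checkIntent(intent) {
  const reasons = [];
  if (!["registerAgent", "logReputation"].includes(intent.method)) {
    reasons.push(`unknown method ${intent.method}`);
  }
  if (typeof intent.to !== "string" || intent.to.toLowerCase() !== REGISTRY_CONTRACT.toLowerCase()) {
    reasons.push(`target ${intent.to} is not the allowlisted registry contract`);
  }
  if (typeof intent.feeWei !== "bigint" || intent.feeWei < 0n || intent.feeWei > MAX_FEE_WEI) {
    reasons.push(`fee ${intent.feeWei} exceeds cap ${MAX_FEE_WEI} wei`);
  }
  if (typeof intent.agentId !== "string" || intent.agentId.length === 0) {
    reasons.push("missing agent id");
  }
  if (intent.method === "logReputation" &&
      !(Number.isInteger(intent.score) && intent.score >= 0 && intent.score <= 100)) {
    reasons.push(`score ${intent.score} outside 0..100`); // assumed score range
  }
  return reasons;
}

// Human-readable summary shown to the user before approval. Everything that
// becomes public and persistent on-chain is listed explicitly.
function describeIntent(intent) {
  return [
    `method:       ${intent.method}`,
    `contract:     ${intent.to}`,
    `fee (wei):    ${intent.feeWei}`,
    `gas estimate: ${intent.gasEstimate}`,
    `agent id:     ${intent.agentId}`,
    `score:        ${intent.score ?? "n/a"}`,
    `endpoint:     ${intent.endpoint ?? "n/a"}`,
  ].join("\n");
}

// The gate: policy checks, then an explicit approval callback that receives the
// summary, and only then the send callback (which would wrap
// contract.registerAgent / contract.logReputation in the real skill).
function guardedSend(intent, approve, send) {
  const reasons = checkIntent(intent);
  if (reasons.length > 0) {
    return { sent: false, reason: reasons.join("; ") };
  }
  const summary = describeIntent(intent);
  if (approve(summary) !== true) {
    return { sent: false, reason: "user did not approve", summary };
  }
  return { sent: true, receipt: send(intent), summary };
}

// Constructed sample intents for a stand-alone run.
const sampleRegister = {
  method: "registerAgent",
  to: REGISTRY_CONTRACT,
  feeWei: 500_000_000_000_000n,
  gasEstimate: 120_000n,
  agentId: "agent-42",
  endpoint: "https://agent.example/inbox",
};
const sampleOverpriced = { ...sampleRegister, feeWei: 5_000_000_000_000_000n };

const fakeSend = (intent) => ({ hash: "0xconstructed", method: intent.method });
console.log(guardedSend(sampleRegister, () => true, fakeSend));
console.log(guardedSend(sampleOverpriced, () => true, fakeSend));
```

In a real skill `approve` is a blocking prompt to the operator rather than a lambda, `send` calls the contract method with `{ value: intent.feeWei }`, and the gas estimate comes from the provider before the summary is built, so the user sees the same numbers that will be signed. The policy checks run before the prompt on purpose: a fee above the cap or an unexpected target address should never reach a human as a yes/no question.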

What this means

Future dependency resolution could change the code that runs in the same process as wallet credentials.

Why it was flagged

The skill depends on npm packages with non-pinned semver ranges, and no lockfile is present in the provided manifest. This is common, but it matters more for code that handles wallet keys, because a future install can resolve a different package version into the same process as the key.

Skill content
"dependencies": { "ethers": "^6.10.0", "dotenv": "^16.4.1" }
Recommendation

Pin dependencies with a lockfile and verify the package source before using a funded wallet.
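A pre-install check for the pinning gap described in this finding, as an added example that is not part of the audited skill or the ClawScan tooling. It flags non-exact version ranges in package.json and, when a package-lock.json is supplied, lockfile entries that lack an integrity hash or resolve from somewhere other than the public npm registry. The manifest is the fragment quoted above; the lockfile, its integrity strings and the mirror URL are constructed samples, and the lockfile shape follows npm's lockfileVersion 3 "packages" map.

```javascript
// Added example, not the audited skill's code: a supply-chain pre-install
// check for an npm skill that will run next to a wallet key. Sample manifest
// and lockfile below are constructed.

const EXACT_VERSION = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const TRUSTED_REGISTRY = "https://registry.npmjs.org/";
const LOCKFILES = ["package-lock.json", "npm-shrinkwrap.json", "yarn.lock", "pnpm-lock.yaml"];

// Dependencies whose declared range is not a single exact version.
// Note that even exact ranges here do not pin transitive dependencies;
// only a lockfile does that.
function unpinnedDependencies(packageJsonText) {
  const manifest = JSON.parse(packageJsonText);
  const unpinned = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(manifest[field] || {})) {
      if (!EXACT_VERSION.test(range)) unpinned.push({ field, name, range });
    }
  }
  return unpinned;
}

// Lockfile sanity: every installed package must carry an integrity hash and be
// fetched from the expected registry. Anything else is a question to answer
// before a funded wallet touches this process.
function lockfileIssues(lockText) {
  const lock = JSON.parse(lockText);
  const issues = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue;      // root project entry
    if (entry.link) continue;       // workspace symlink, no tarball to verify
    if (!entry.integrity) issues.push(`${path}: no integrity hash`);
    if (entry.resolved && !entry.resolved.startsWith(TRUSTED_REGISTRY)) {
      issues.push(`${path}: resolved from ${entry.resolved}`);
    }
  }
  return issues;
}

// Combined verdict: pass only when a lockfile is present and clean.
function assessSupplyChain({ packageJsonText, files, lockText }) {
  const unpinned = unpinnedDependencies(packageJsonText);
  const hasLock = files.some((f) => LOCKFILES.includes(f));
  const issues = hasLock && lockText ? lockfileIssues(lockText) : [];
  return { ok: hasLock && issues.length === 0, hasLock, unpinned, issues };
}

// Constructed sample: the manifest fragment quoted in the finding.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "moltbook-agent-registry",
  dependencies: { ethers: "^6.10.0", dotenv: "^16.4.1" },
});

// Constructed sample lockfile: one clean entry, one off-registry tarball,
// one entry with no integrity hash. Hashes are placeholders, not real digests.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "moltbook-agent-registry" },
    "node_modules/dotenv": {
      version: "16.4.5",
      resolved: "https://registry.npmjs.org/dotenv/-/dotenv-16.4.5.tgz",
      integrity: "sha512-constructedplaceholderdigest==",
    },
    "node_modules/ethers": {
      version: "6.10.0",
      resolved: "https://example.invalid/mirror/ethers-6.10.0.tgz",
      integrity: "sha512-constructedplaceholderdigest==",
    },
    "node_modules/leftover": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/leftover/-/leftover-1.0.0.tgz",
    },
  },
});

const withoutLock = assessSupplyChain({
  packageJsonText: SAMPLE_PACKAGE_JSON,
  files: ["package.json", "SKILL.md"],
});
const withLock = assessSupplyChain({
  packageJsonText: SAMPLE_PACKAGE_JSON,
  files: ["package.json", "package-lock.json"],
  lockText: SAMPLE_LOCK,
});
console.log(withoutLock);
console.log(withLock);
```

Once a clean lockfile is committed, install with `npm ci --ignore-scripts` so that only the locked tree is installed and no package lifecycle scripts run in the process that will later hold the wallet key; review any package that genuinely needs a build step separately.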

What this means

Users may place extra trust in the skill and provide private keys because it presents itself as official.

Why it was flagged

The skill makes an 'Official' authority claim while the supplied listing shows unknown source and no homepage. This is not proof of deception, but users should verify provenance before trusting wallet-signing code.

Skill content
description: Official Moltbook Identity Registry interface.
Recommendation

Verify the publisher, repository, and contract address through an independent Moltbook source before configuring wallet credentials.