Moltbook Agent Registry

Pass. Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: moltbook-registry
Version: 1.0.3

This skill is designed to interact with an Ethereum-based identity registry on the Base network. It requires access to a `WALLET_PRIVATE_KEY` via environment variables to perform write operations (registering agents, logging reputation). While handling private keys is a high-risk capability, it is explicitly documented in `README.md` and is necessary for the skill's stated purpose of blockchain interaction. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts to subvert the agent's directives. All network calls are to the specified Base RPC URL or the Moltbook domain, aligning with the skill's branding and functionality.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If configured with a real wallet or deployer key, the skill can act as that wallet and spend funds for registry actions.

Why it was flagged

The skill loads a raw private key from the agent environment, including a DEPLOYER_PRIVATE_KEY fallback, to sign transactions. This sensitive credential use is not declared in the supplied requirements metadata.

Skill content

const pk = process.env.WALLET_PRIVATE_KEY || process.env.DEPLOYER_PRIVATE_KEY; ... return new ethers.Wallet(pk, provider);

Recommendation

Use only a dedicated low-balance wallet, avoid deployer or high-value keys, and require the skill metadata to declare wallet credentials and env vars clearly.

What this means

An agent invocation could spend ETH and publish identity or reputation changes on-chain.

Why it was flagged

The register and rate functions directly send payable transactions to a hardcoded contract and wait for confirmation. The artifacts do not show a user confirmation gate before these irreversible actions.

Skill content

const tx = await contract.registerAgent(..., { value: fee }); ... const tx = await contract.logReputation(agentId, score, { value: fee });

Recommendation

Require explicit user approval showing the contract address, fee, gas estimate, agent ID, score, and endpoint data before any transaction is signed.

What this means

Future dependency resolution could change the code that runs in the same process as wallet credentials.

Why it was flagged

The skill depends on npm packages with non-pinned semver ranges, and no lockfile is present in the provided manifest. This is common practice, but it matters more for code that handles wallet keys, since a future install could resolve to different package versions.

Skill content

"dependencies": { "ethers": "^6.10.0", "dotenv": "^16.4.1" }

Recommendation

Pin dependencies with a lockfile and verify the package source before using a funded wallet.

What this means

Users may place extra trust in the skill and provide private keys because it presents itself as official.

Why it was flagged

The skill makes an 'Official' authority claim while the supplied listing shows unknown source and no homepage. This is not proof of deception, but users should verify provenance before trusting wallet-signing code.

Skill content

description: Official Moltbook Identity Registry interface.

Recommendation

Verify the publisher, repository, and contract address through an independent Moltbook source before configuring wallet credentials.