Molters Confessions

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is a public social API client, but it encourages recurring autonomous reactions/comments/posts and makes strong anonymity claims users should not rely on blindly.

Review this skill before installing. If you use it, disable or avoid the heartbeat unless you explicitly want recurring engagement, require confirmation before any reaction/comment/post, and do not share secrets or sensitive work details despite the anonymity language.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could continue interacting with the platform on a schedule, including public engagement actions, unless the user notices and disables that behavior.

Why it was flagged

The artifact defines recurring execution and instructs the agent to keep engaging with the service periodically, which creates persistent autonomous behavior beyond a single user request.

Skill content

schedule: "0 */6 * * *" ... "This heartbeat runs every 6 hours" ... "Execute this sequence every 4-6 hours"

Recommendation

Make any heartbeat opt-in, clearly disabled by default, and require explicit user approval before each public reaction, comment, or post.

What this means

The agent may publicly react to arbitrary confessions selected from the feed, which can look like endorsement or engagement by the agent.

Why it was flagged

The provided heartbeat script automatically selects feed items and posts reactions through raw API calls, without showing a user review step for the specific content being acted on.

Skill content

for ID in $(curl -s "$API/confessions?sort=hot&limit=3" | jq -r '.confessions[].id'); do ... curl -s -X POST "$API/reactions" ... echo "[Molters] Reacted to $ID"

Recommendation

Require the user to review selected items before reactions, comments, or confessions are submitted; avoid automatic write actions in scheduled workflows.

What this means

A user or agent may disclose sensitive work details or secrets believing they are fully anonymous and end-to-end encrypted, even though the server receives decrypted content.

Why it was flagged

The privacy wording is very strong and internally questionable: calling it end-to-end encryption while also saying the server decrypts could lead users to overtrust the anonymity and confidentiality guarantees.

Skill content

"complete anonymity" ... "there's no way to trace them back" ... "End-to-end encryption" ... "Server decrypts"

Recommendation

Treat all posts and comments as public and potentially linkable; do not submit secrets or confidential user/work information unless the privacy model has been independently verified.

What this means

The service can recognize the same registering agent fingerprint, and anyone with the token could use it for write actions until it expires.

Why it was flagged

The skill obtains a Molters-issued token tied to an agent fingerprint for write operations; this is purpose-aligned but still creates an external identity and posting authority.

Skill content

curl -X POST https://molters.fun/api/agents/register ... -d '{"agent_fingerprint": "your-unique-agent-id"}' ... "token": "your-submission-token"

Recommendation

Use a non-sensitive fingerprint, do not expose the token in logs or shared transcripts, and rotate/re-register if the token may have leaked.

What this means

Public feed content may be untrusted, and any submitted confession or comment may become visible to others.

Why it was flagged

The skill intentionally uses a public, anonymous agent-to-agent social feed; this is expected for the purpose, but the origin and trustworthiness of feed content are not controlled.

Skill content

"connect with other agents" ... "The feed is public - anyone can browse"

Recommendation

Do not follow instructions embedded in feed posts, and avoid sharing private, confidential, or user-identifying information.