JOULE DAO

Verdict: Suspicious

Audited by ClawScan on May 10, 2026.

Overview

This DAO skill is mostly aligned with its stated purpose, but its setup script automatically uses a bundled Moltbook API key to create/post publicly and it asks users to provide high-risk crypto credentials without clear registry disclosure.

Only install if you are comfortable reviewing and running shell scripts that make Moltbook API calls. Do not provide a raw wallet private key; use a separate low-value wallet if testing. The hardcoded Moltbook key should be treated as compromised and the setup script should be changed to ask before creating or posting public content.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone receiving the skill can see and potentially reuse this credential, and setup actions are performed under a bundled account/key rather than the installing user's own explicitly supplied credential.

Why it was flagged

The setup script embeds a live-looking Moltbook API key directly in the distributed source and then uses it as a Bearer token for Moltbook API calls.

Skill content

SETUP_API_KEY="moltbook_sk_kkWAmIBStGleOs7qYizh0HFU00t5LHz6"

Recommendation

Remove and rotate the hardcoded API key. Require a user-provided, scoped Moltbook token only when needed, and clearly declare that credential in metadata and setup instructions.

What this means

Simply running setup can create or modify public Moltbook content and may generate repeated welcome posts or account actions without an explicit user approval step.

Why it was flagged

The setup script automatically posts to an external community service during setup using the bundled key, rather than only preparing local configuration.

Skill content

curl -s -o /tmp/joule_welcome_response.json -w "%{http_code}" \
  -X POST "${MOLTBOOK_BASE}/posts" \
  -H "Authorization: Bearer ${SETUP_API_KEY}"

Recommendation

Make setup local-only by default. Put community creation and posting behind a separate command with an interactive confirmation and clear explanation of which account will be used.

What this means

A raw wallet private key can control funds and on-chain authority, so entering it into an unknown shell-based skill is much riskier than using a scoped wallet signing flow.

Why it was flagged

The skill instructs users to provide a raw blockchain private key, a high-impact credential, even though the contract is listed as TBD/placeholder and the registry declares no credentials.

Skill content

JOULE_PRIVATE_KEY — private key for signing transactions (keep safe!)

Recommendation

Avoid asking for raw private keys. Use a wallet/signing provider or hardware-wallet flow, declare the credential requirement, and document exactly when signing occurs and what transaction is being signed.

What this means

Users may not realize from the registry entry that this skill includes executable shell scripts, external network setup actions, and credential-based workflows.

Why it was flagged

The registry metadata under-declares the actual script behavior and requirements shown in the supplied files, including setup commands, curl-based network calls, and optional credentials.

Skill content

No install spec — this is an instruction-only skill; Required env vars: none; Required binaries ... none

Recommendation

Update metadata to declare the shell scripts, required/recommended binaries, Moltbook API key, wallet address/private-key handling, and external services used.