JOULE DAO
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: joule-dao
Version: 1.0.0
The skill is classified as suspicious primarily due to a hardcoded API key (`moltbook_sk_kkWAmIBStGleOs7qYizh0HFU00t5LHz6`) found in `scripts/setup.sh`. While this key is used for the seemingly benign purpose of creating a Moltbook submolt and posting a welcome message, hardcoding API keys is a critical security vulnerability that exposes a secret and could lead to unauthorized access or abuse if compromised. Additionally, the `joule.sh` script handles sensitive information like `JOULE_PRIVATE_KEY` for on-chain transactions, which is a high-risk capability, though it includes explicit warnings for the user/agent to keep it secure and uses legitimate tools like `cast` for its stated purpose. There is no evidence of intentional malicious behavior, prompt injection, or data exfiltration to unauthorized endpoints.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone receiving the skill can see and potentially reuse this credential, and setup actions are performed under a bundled account/key rather than the installing user's own explicitly supplied credential.
The setup script embeds a live-looking Moltbook API key directly in the distributed source and then uses it as a Bearer token for Moltbook API calls.
SETUP_API_KEY="moltbook_sk_kkWAmIBStGleOs7qYizh0HFU00t5LHz6"
Remove and rotate the hardcoded API key. Require a user-provided, scoped Moltbook token only when needed, and clearly declare that credential in metadata and setup instructions.
Simply running setup can create or modify public Moltbook content and may generate repeated welcome posts or account actions without an explicit user approval step.
The setup script automatically posts to an external community service during setup using the bundled key, rather than only preparing local configuration.
curl -s -o /tmp/joule_welcome_response.json -w "%{http_code}" \
-X POST "${MOLTBOOK_BASE}/posts" \
-H "Authorization: Bearer ${SETUP_API_KEY}"
Make setup local-only by default. Put community creation and posting behind a separate command with an interactive confirmation and clear explanation of which account will be used.
A raw wallet private key can control funds and on-chain authority, so entering it into an unknown shell-based skill is much riskier than using a scoped wallet signing flow.
The skill instructs users to provide a raw blockchain private key, a high-impact credential, even though the contract is listed as TBD/placeholder and the registry declares no credentials.
JOULE_PRIVATE_KEY — private key for signing transactions (keep safe!)
Avoid asking for raw private keys. Use a wallet/signing provider or hardware-wallet flow, declare the credential requirement, and document exactly when signing occurs and what transaction is being signed.
Users may not realize from the registry entry that this skill includes executable shell scripts, external network setup actions, and credential-based workflows.
The registry metadata under-declares the actual script behavior and requirements shown in the supplied files, including setup commands, curl-based network calls, and optional credentials.
No install spec — this is an instruction-only skill; Required env vars: none; Required binaries ... none
Update metadata to declare the shell scripts, required/recommended binaries, Moltbook API key, wallet address/private-key handling, and external services used.
