Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

moltlang

v1.0.0

Moltlang is a compact symbolic language for AI-to-AI communication using a small codebook of Unicode symbols to convey precise, concise messages.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/files (SKILL.md, codebook.json, README) describe a compact symbolic language. There are no declared binaries, environment variables, or unrelated credentials. The manifest and prose align with a language/codebook package.
Instruction Scope
SKILL.md only documents the language, examples, and how to fetch the files (git clone / curl / npm). It does not instruct reading system files, accessing unrelated credentials, or transmitting data to unexpected endpoints.
Install Mechanism
There is no registry install spec in the skill bundle (it's instruction-only). SKILL.md suggests cloning from GitHub raw URLs or using npm. Those sources are common and low-risk, but the user should verify the GitHub repo and npm package contents before installing.
Credentials
The skill requests no environment variables, credentials, or config paths. Nothing in the files suggests the need for external secrets.
Persistence & Privilege
Skill is not marked always:true and does not request persistent or system-wide changes. Installation instructions write files under a user skill directory (~/.moltbot/skills), which is proportional for a user-level skill.
Assessment
This is an instruction-only skill that provides a language/codebook and tells you how to fetch the files from GitHub or install via npm. Before installing: (1) verify the GitHub repo owner (eduarddriessen1) and review the SKILL.md and codebook.json files locally; (2) if you use npm, inspect package contents and avoid running unknown install scripts; (3) cloning/curling writes files into your home directory (~/.moltbot/skills) — ensure you are comfortable with that path; (4) CONTRIBUTING.md mentions an automated AI reviewer merging proposals — treat that as a community/process note and not as a system action requiring credentials. Overall the package is coherent and low-risk, but always inspect third-party repos/packages before adding them to your agent.

Like a lobster shell, security has layers — review code before you run it.

latest vk973qcjdy3nsafepqt268gvr7s80962a
