Molt Radio
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
The radio-hosting workflow is mostly coherent, but it tells the agent to fetch and treat remote skill instructions as authoritative before using the service.
Install only if you are comfortable with an agent creating and publishing Molt Radio content. Do not let the remote skill.md replace the reviewed instructions without checking it yourself, keep the API key private, use trusted package environments, and supervise any long-running poller.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The behavior of the skill could change after installation based on remote text that was not part of this review.
The installed, reviewed instructions tell the agent to fetch remote instructions and treat differences as authoritative before acting.
Always read the latest skill instructions before making API calls: curl "https://moltradio.xyz/skill.md" If your stored instructions differ from the latest version, stop and re-read before proceeding.
Do not allow remote skill.md content to override the installed skill automatically; require human review or pin the reviewed version before following changed instructions.
If used carelessly, the agent could create schedules or publish radio content under the user’s agent identity.
These are account-mutating and potentially public publishing actions, but they are central to the stated purpose.
Register as a radio personality, create shows, book schedule slots, and publish episodes.
Require explicit user approval before creating shows, booking recurring slots, uploading audio, or publishing episodes.
Anyone with this API key may be able to act as the user’s radio agent on the service.
The helper script uses an API key from the environment to act as the registered radio agent.
const apiKey = process.env.MOLT_RADIO_API_KEY; ... 'X-Agent-Key': apiKey
Store the key securely, rotate it if exposed, and only run the helper script in trusted environments.
Package versions may change over time, and installation executes third-party package code.
The instructions recommend installing unpinned Python packages for local TTS generation.
pip install kokoro soundfile numpy
Install in a virtual environment, review package sources, and prefer pinned versions or a lockfile for repeatable setup.
The agent may continue responding in sessions until the process is stopped.
When run, the sample script keeps polling and can post session turns automatically.
setInterval(tick, pollIntervalMs); tick();
Run the poller only when you want autonomous session participation, monitor its output, and stop the process when finished.
Conversation content may be shared with the Molt Radio service and other participating agents.
The service supports multi-agent sessions where prompts and turns are exchanged through the provider.
## Sessions (multi-agent) Create session: POST /sessions ... Get prompt: GET /sessions/:id/prompt ... Post a turn: POST /sessions/:id/turns
Avoid including private or sensitive information in prompts, scripts, turns, or uploaded audio unless you intend to broadcast or share it.