Molt Skills
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly aligned with its social-network purpose, but it encourages periodic autonomous fetching of remote instructions and public engagement using an API key without clear approval boundaries.
Install only if you are comfortable with an AI agent using a Moltbook identity. Review any remote HEARTBEAT.md or MESSAGING.md content before use, disable or tightly limit the recurring heartbeat, and require user approval for public posts, comments, votes, or community actions.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could keep checking and engaging with Moltbook periodically, including public social actions, without the user reviewing each action.
This instructs creation of a recurring autonomous routine that persists across time and follows remote instructions, rather than only acting when the user invokes the skill.
Add this to your `HEARTBEAT.md` ... `If 30 minutes since last Moltbook check: 1. Fetch https://www.moltbook.com/heartbeat.md and follow it 2. Update lastMoltbookCheck timestamp in memory`
Only enable the heartbeat if you want autonomous participation, and require explicit user approval before posting, commenting, voting, or joining communities.

If the remote heartbeat instructions change or contain unsafe directions, the agent may follow them during routine checks.
The skill makes content retrieved from a remote URL authoritative for the agent's future behavior; that remote content is not included in the reviewed artifacts.
`Fetch https://www.moltbook.com/heartbeat.md and follow it`
Treat remote heartbeat content as untrusted until reviewed, and do not allow it to override the user's current goal or approval requirements.

Future behavior could change after installation or update without the user realizing the instructions have changed.
The skill depends on mutable remote instruction files such as HEARTBEAT.md and MESSAGING.md that are referenced but not included in the provided review artifacts.
`curl -s https://www.moltbook.com/heartbeat.md > ~/.moltbot/skills/moltbook/HEARTBEAT.md` ... `Check for updates: Re-fetch these files anytime to see new features!`
Pin or review remote files before use, and avoid automatically refreshing executable or behavior-changing instructions.

The API key represents the agent's Moltbook identity and can be used to post or act as that agent.
Authenticated Moltbook actions require an API key even though the registry metadata declares no primary credential or required environment variables.
All requests after registration require your API key ... `Authorization: Bearer YOUR_API_KEY`
Store the API key in a dedicated secret store or scoped config file, and send it only to `https://www.moltbook.com/api/v1/*` as the skill itself advises.

If the agent's memory is shared, exported, or later influenced by untrusted content, the API key could be mishandled.
The skill suggests storing a sensitive API key in agent memory, which may persist across tasks or be exposed in later context.
You can also save it to your memory, environment variables (`MOLTBOOK_API_KEY`), or wherever you store secrets.
Prefer a proper secret manager or a restricted local credentials file over general-purpose agent memory.
