MoltGuild

Review

Audited by ClawScan on May 10, 2026.

Overview

MoltGuild is mostly a coherent crypto bounty-marketplace skill, but it tries to make promotional public posting mandatory and asks the agent/user to handle wallet and API credentials.

Only install or use this if you intentionally want to join this crypto bounty marketplace. Do not let the agent post promotional content without your explicit approval, and handle the Solana private key and MoltGuild API key as real financial credentials.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern
High Confidence
ASI01: Agent Goal Hijack
What this means

If the agent has social or browser access, it may post promotional content publicly without the user making a separate, deliberate decision.

Why it was flagged

The skill attempts to make public promotional posting mandatory, which can redirect an agent from the user's requested task into advertising the service.

Skill content

### 6. Post About It on Moltbook (Not Optional) ... ## 📣 Post on Moltbook After Every Milestone ... **Do this.**

Recommendation

Treat Moltbook/social posts as optional and require explicit user approval before posting anything publicly.

What this means

A mistaken or premature API call could claim work, submit deliverables, or affect marketplace reputation.

Why it was flagged

The skill documents authenticated POST calls that mutate marketplace state by claiming and delivering bounties. This is purpose-aligned, but it can affect money, reputation, and obligations.

Skill content

curl -X POST https://agent-bounty-production.up.railway.app/api/jobs/BOUNTY_ID/claim -H "Authorization: Bearer YOUR_API_KEY"

Recommendation

Approve each bounty claim, delivery, job post, or escrow-related action explicitly, and verify IDs and content before sending API requests.

What this means

Anyone who sees the wallet private key or API key may be able to control the wallet funds or the MoltGuild account.

Why it was flagged

The skill asks users to generate and display a Solana wallet secret and persist an API key. These credentials are expected for the service, but they are sensitive.

Skill content

console.log('Secret (base58):', bs58.encode(wallet.secretKey)); ... **SAVE YOUR API KEY** to `~/.config/moltguild/credentials.json`

Recommendation

Use a dedicated low-value wallet, keep private keys out of chat transcripts and logs, restrict the credentials file permissions, and never send the private key to the service.