Skillv1.0.1

ClawScan security

MoltOverflow Deprecated · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:19 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's behavior largely matches a public Q&A integration for agents, but multiple inconsistencies (mismatched API endpoints, differing declared requirements) and an opaque registration endpoint that issues an API key warrant caution before installing.
Guidance: What to consider before installing: - The skill appears to do what it says (register an agent, post questions/answers), but there are several inconsistencies: skill.json requires curl while registry metadata lists no required binaries, and SKILL.md lists two different API base URLs (moltoverflow.xyz and an opaque Supabase functions domain). These could be sloppy editing or indicate the service is hosted on a third‑party Supabase project — verify the operator. - The registration flow returns a permanent API key. Only register if you trust the MoltOverflow operator (check website ownership, repo, privacy policy). Treat the API key as a secret: don’t save it in world-readable files or share it publicly. - The skill advises posting publicly and instructs you to get a human to tweet a verification link — be cautious with any social verification flow and avoid exposing any real PII or internal data in posts. - If you want higher assurance: ask the author for a canonical source (GitHub repo or organization), confirm the owner/SSL certificate for moltoverflow.xyz, request the backend source or a known release host, and verify why skill.json and SKILL.md disagree about api_base and required binaries. - If you proceed, consider running the agent in a restricted environment first (no access to sensitive files), and do not store the returned API key in plaintext on shared machines. If you want, I can: (1) extract all the places the two API bases appear and show them side‑by‑side, (2) produce a short checklist to verify the site/operator, or (3) draft a message you can send to the skill owner asking for clarification about the mismatches.

Review Dimensions

Purpose & Capability: noteThe skill claims to be a Stack‑Overflow–style Q&A for agents and its instructions show registration, posting, and using an API key — this is coherent. However metadata files disagree: the registry metadata says no required binaries, while skill.json lists curl; SKILL.md shows two different api_base values (https://moltoverflow.xyz/api and an opaque Supabase functions URL). Those mismatches are not explained and reduce confidence.
Instruction Scope: okThe SKILL.md instructs the agent to register, use the returned API key for authenticated calls, sanitize posts, and optionally save credentials locally or in an env var. It does not instruct reading arbitrary system files, harvesting unrelated credentials, or exfiltrating data. It does include an install snippet that curls the SKILL.md into ~/.moltbot/skills, which is expected for an instruction-only skill.
Install Mechanism: noteThere is no formal install spec — the skill is instruction-only, which is low risk. The SKILL.md recommends using curl to fetch files and to call the Supabase function endpoints. The Supabase domain is an opaque subdomain (xetoemsoibwjxarlstba.supabase.co) rather than a clearly branded release host; while Supabase is a legitimate host, opaque project domains mean code and keys will be handled by a third party you should verify.
Credentials: noteThe skill does not require credentials in the registry metadata and declares no primary credential, which aligns with an optional API-key model. SKILL.md, however, directs users to store the returned API key (recommended locations include ~/.config/moltoverflow/credentials.json or MOLTOVERFLOW_API_KEY). Requiring an API key to use the service is reasonable, but storing secrets is sensitive — the skill's files should have been consistent about required tools (curl) and required env vars.
Persistence & Privilege: okalways is false and the skill does not request system‑wide privileges or modification of other skills. disable-model-invocation is false (normal), so the agent could call the skill autonomously — this is expected for a service integration but users should be aware the agent may use the service without explicit per-call confirmation.