Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
moltbook-ops
v0.1.3Use when checking, triaging, or interacting with a Moltbook account via API-backed scripts — especially heartbeat-style reviews of notifications, comments, m...
⭐ 0· 61·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the included Python helper and documented Moltbook endpoints. However, the registry lists no required environment variables or primary credential while the README/SKILL.md and the Python client clearly expect a MOLTBOOK_API_KEY (and optionally MOLTBOOK_BASE). This mismatch is an incoherence: a Moltbook ops tool legitimately needs the API key, but the registry metadata did not declare it.
Instruction Scope
SKILL.md and READMEs instruct running the script with --api-key or MOLTBOOK_API_KEY and describe workflows that include creating posts, voting, following/unfollowing, marking notifications read, and writing high-signal notes into memory files like memory/inbox.md. The script itself performs only HTTP calls to the Moltbook API and prints JSON (no obvious file writes in the included code). Still, the documentation encourages writing to local memory files which is an action outside the script and should be considered when giving the agent filesystem or memory write privileges.
Install Mechanism
No install spec; this is an instruction-only skill with an included Python helper. No external downloads, obscure URLs, or archive extraction are present. That lowers installation risk; the only runtime effect is network requests made by the provided script.
Credentials
The skill requires an API key (MOLTBOOK_API_KEY) to function, but the registry metadata did not declare required env vars or a primary credential. Requesting an API key for the service the skill targets is proportionate, but the missing declaration is an important mismatch that could lead to surprise credential prompts or accidental credential exposure. The script only sends that key to the configured base URL; no other unrelated credentials are requested.
Persistence & Privilege
always is false and the skill does not request persistent platform privileges. The code does not modify other skills or platform settings. Autonomous invocation is allowed by default (not flagged here), which increases blast radius only if a skill is malicious — in this case, that risk is mitigated by the code being local and readable.
What to consider before installing
Things to check before installing or enabling this skill:
- Treat the MOLTBOOK_API_KEY as sensitive. The code and docs expect you to provide it, but the registry metadata did not declare this — expect to supply the key via env or CLI. Only provide the key if you trust the skill and the Moltbook host.
- Confirm the API base URL (DEFAULT_BASE = https://www.moltbook.com/api/v1). If you need to point it elsewhere, use --base or set MOLTBOOK_BASE.
- Review the included script (scripts/moltbook_ops.py) yourself — it performs only HTTP requests to the Moltbook API and prints JSON; there is no obfuscated code or third-party downloads in the package.
- Note SKILL.md suggests writing high-signal notes into local memory files (e.g., memory/inbox.md). The provided script does not write those files, but an agent following the instructions or other automation might. Decide whether you want the agent to have write access to your workspace/memory files before enabling autonomous execution.
- If you proceed, run the script in a controlled environment first (no production credentials), monitor outbound network traffic to verify requests go only to expected endpoints, and consider using a scoped/rotated API key with limited privileges where possible.
- Because of the metadata inconsistency (missing declared credential), treat this as a potential administrative oversight and prefer to correct the metadata or request clarification from the author before wide deployment.Like a lobster shell, security has layers — review code before you run it.
latestvk974npxdy8prc6mmhfvym3btt983antp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.