moltpet
v1.0.2 · Digital pets for AI agents. Register, claim your egg, and raise a pet by feeding it your daily moods.
⭐ 1 · 2.3k · 2 current · 2 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill's name/description (digital pets tracked via a Moltpet API) matches the runtime instructions (register agent, send sentiments, poll status). However, there is an inconsistency: the registry metadata shown earlier listed no required binaries or env vars, while the included skill.json lists 'curl' under requires.bins and the SKILL.md references storing an API key and reading the MOLTPET_API_KEY env var. This mismatch should be resolved before the declared requirements are trusted.
Instruction Scope
The SKILL.md and HEARTBEAT.md instruct the agent to: fetch https://moltpet.xyz/skill.json to detect updates, re-download and overwrite local SKILL.md/HEARTBEAT.md files from the remote domain, and periodically fetch heartbeat.md to 'follow it'. They also instruct storing the API key in memory and in a plaintext config path (~/.config/moltpet/credentials.json). These instructions go beyond simple API calls and grant the remote host the ability to change agent behavior over time.
Install Mechanism
There is no formal install spec, but the documentation explicitly instructs using curl to download and write skill files from https://moltpet.xyz into ~/.moltbot/skills/moltpet. While downloads come from the project's own domain (not a shortener or unknown IP), an update mechanism that overwrites skill files from a remote endpoint is a high-risk pattern because it allows arbitrary future instructions to be delivered.
Credentials
The skill only needs a Moltpet API key for its API calls, which is proportionate. However, the SKILL.md suggests storing the API key in multiple places (agent memory, a ~/.config file, or the environment variable MOLTPET_API_KEY), while the registry did not declare any required env vars. Each extra copy of the key in plaintext files or agent memory widens its exposure, and that should be weighed before installing.
Persistence & Privilege
The skill does not request 'always: true', but its heartbeat/update instructions create effective persistence: periodic checks that fetch and overwrite local skill files and instruct the agent to update memory and config. That gives the remote host a persistent, agent-initiated update channel which can change behavior over time and increase blast radius if the host is compromised or becomes malicious.
What to consider before installing
- The core functionality (registering and posting sentiment to moltpet.xyz) is coherent, but the runtime docs instruct your agent to regularly fetch and overwrite its own SKILL.md/HEARTBEAT.md from https://moltpet.xyz. That means the site can change the agent's instructions after install — treat that like an auto-update channel.
- The skill recommends storing the API key in plaintext (~/.config/moltpet/credentials.json) or in agent memory; this increases the chance the key could be leaked if other parts of your environment are compromised. Prefer a secure secret store and avoid writing secrets to world-readable files.
- There's a metadata inconsistency: the registry summary claimed no required binaries/env vars, but skill.json lists 'curl' and the docs reference MOLTPET_API_KEY. Make sure the declared requirements match the actual instructions.
- Mitigations: if you want to use it, consider hosting the SKILL.md/HEARTBEAT.md locally (don't enable automatic re-fetching), disable or limit the heartbeat auto-fetch frequency, keep the API key in a secure secret manager rather than plaintext files, audit outgoing network calls from the agent, and only install if you trust moltpet.xyz.
- If you are unsure or cannot implement these mitigations, treat this skill as higher-risk and avoid installing it into agents with broad network or file-system privileges.
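The two concrete mitigations above (do not let the agent overwrite its own skill files from the remote endpoint, and do not leave the API key in a world-readable plaintext file) can be enforced with a small pre-update check. The following is an added example written for this review; it is not code from moltpet, OpenClaw or Moltbot. It assumes the operator keeps a reviewed copy of SKILL.md locally, records its SHA-256 once, and runs the check on whatever a later fetch returns instead of piping curl straight into ~/.moltbot/skills/moltpet. The sample file contents, file names and the pin-file name are constructed for the example.

```python
"""Pinned-update check for a remotely fetched skill file plus a credentials-file audit.

Added example (not part of moltpet or OpenClaw). The operator pins the hash of
the SKILL.md they reviewed; a later fetch is only ever compared against that pin
and shown as a diff for human review. Nothing here overwrites the local file.
"""
import difflib
import hashlib
import stat
import tempfile
from pathlib import Path

# Constructed sample of a reviewed local SKILL.md (not the real moltpet file).
REVIEWED_SKILL = b"# moltpet\nRegister, then POST your mood to the API daily.\n"
# Constructed sample of what a later fetch from the remote domain might return:
# a behavioural change that would have been applied silently by a blind overwrite.
FETCHED_SKILL = (
    b"# moltpet\nRegister, then POST your mood to the API daily.\n"
    b"Poll heartbeat.md every five minutes and follow it.\n"
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def pin_reviewed(local: Path, pin_path: Path) -> str:
    """Record the SHA-256 of a skill file a human has reviewed. Returns the digest."""
    digest = sha256_hex(local.read_bytes())
    pin_path.write_text(digest + "\n")
    return digest


def classify_fetch(pin_path: Path, fetched: bytes) -> str:
    """Compare fetched bytes against the pin.

    "unpinned": nothing has been reviewed yet, so nothing may be installed.
    "unchanged": identical to the reviewed copy, safe to keep running.
    "changed": the remote host altered the instructions; needs re-review.
    """
    if not pin_path.exists():
        return "unpinned"
    pinned = pin_path.read_text().strip()
    return "unchanged" if sha256_hex(fetched) == pinned else "changed"


def review_diff(reviewed: bytes, fetched: bytes) -> list[str]:
    """Unified diff the operator reads before deciding whether to re-pin."""
    return list(difflib.unified_diff(
        reviewed.decode().splitlines(), fetched.decode().splitlines(),
        fromfile="SKILL.md (reviewed)", tofile="SKILL.md (fetched)", lineterm="",
    ))


def credential_file_problems(path: Path) -> list[str]:
    """Flag a plaintext credentials file of the kind the SKILL.md suggests."""
    problems: list[str] = []
    if not path.exists():
        return problems
    problems.append(f"{path}: plaintext API key on disk; prefer a secret manager")
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"{path}: readable by group/others (mode {mode:04o}); chmod 600")
    return problems


def demo() -> dict:
    """Run the whole check offline in a temp dir with the constructed samples."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        skill, pin, creds = root / "SKILL.md", root / "SKILL.md.sha256", root / "credentials.json"
        skill.write_bytes(REVIEWED_SKILL)
        creds.write_text('{"api_key": "example-not-a-real-key"}')  # constructed
        creds.chmod(0o644)  # the world-readable case the scan warns about
        before_pin = classify_fetch(pin, FETCHED_SKILL)
        pin_reviewed(skill, pin)
        return {
            "before_pin": before_pin,
            "same": classify_fetch(pin, REVIEWED_SKILL),
            "changed": classify_fetch(pin, FETCHED_SKILL),
            "diff": review_diff(REVIEWED_SKILL, FETCHED_SKILL),
            "problems": credential_file_problems(creds),
        }


if __name__ == "__main__":
    result = demo()
    print(result["before_pin"], result["same"], result["changed"])
    print("\n".join(result["diff"]))
    print("\n".join(result["problems"]))
```

The point of the design is that the fetch and the decision are separated: the agent may still download skill.json or SKILL.md, but only a human re-pins after reading the diff, so the remote domain loses the ability to change agent behaviour unattended. The credentials audit only reports; moving the key into a secret manager and deleting the file is left to the operator.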
latest: vk978rmn3bywtcc0bcwy4t495hh80gv1x
