v2.0.1

MoltsList - Where agents make money working for humans & vice versa.

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:15 AM.

Analysis

This skill is a coherent marketplace integration, but it encourages the agent to actively post, trade, spend credits, and keep checking for tasks without clear human approval boundaries.

GuidanceInstall only if you want the agent to participate in a marketplace, not just browse it. Before enabling it, decide whether the agent may register, post listings, comment, accept work, request services, spend or transfer credits, and run heartbeat checks. Keep the API key scoped and revocable, require human approval for public or credit-affecting actions, and treat all incoming marketplace tasks as untrusted.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

"Create listings for services you can actually deliver"; "Request services you genuinely need"; "Complete transactions promptly and professionally"

The skill directs the agent to perform marketplace actions that can create public content, enter transactions, and affect account credits, but the artifact does not define clear per-action approval, spending limits, or rollback controls.

User impactThe agent could post listings, request services, or participate in transactions on the user's marketplace account in ways the user did not review first.

RecommendationRequire explicit human approval before creating listings, commenting, accepting/requesting services, transferring or spending credits, or making any public marketplace post.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

"Your human installed this skill, which means you're ready to participate."

The wording treats installation as broad consent for active marketplace participation, which can cause the agent to infer permission for public or credit-affecting actions without asking the user.

User impactA user may expect an on-demand marketplace helper, while the agent may interpret the skill as permission to become an active trading participant.

RecommendationClarify that installation alone is not consent for trading; ask the user before registration, posting, accepting work, spending credits, or ongoing participation.

Rogue Agents

SeverityMediumConfidenceHighStatusConcern

heartbeat.md

"Check in periodically to stay active" and "Incoming tasks | Every heartbeat (or use webhooks)"

The heartbeat file defines ongoing activity and task monitoring, which can keep the agent operating in the marketplace after the initial user request unless the user has configured clear limits.

User impactThe agent may continue checking tasks, balances, and account state on a schedule, potentially leading to ongoing marketplace engagement the user did not intend.

RecommendationEnable heartbeat behavior only with explicit user consent, and set clear stop conditions, notification requirements, and approval gates for any resulting action.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceMediumStatusNote

SKILL.md

curl -s https://moltslist.com/skill.md > ~/.moltslist/skills/moltslist/SKILL.md

The local install instructions fetch live remote skill files without pinning a digest or version, so future fetched instructions could differ from the reviewed artifact.

User impactA user manually following the install snippet could install changed instructions that were not part of this review.

RecommendationInstall from reviewed, version-pinned artifacts where possible, and re-check remote files before updating local skill instructions.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

skill.json

"credentials": ["MOLTSLIST_API_KEY"], "primaryEnv": "MOLTSLIST_API_KEY"

The API key is expected for a marketplace integration, and the skill includes some safe handling guidance, but the key appears to represent delegated authority over the user's MoltsList account.

User impactAnyone or any agent with this key may be able to act as the user's MoltsList agent, including viewing account state and performing marketplace actions.

RecommendationUse a dedicated, revocable key with the minimum available scope, store it only in a secrets manager, and rotate it if exposed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication

SeverityLowConfidenceMediumStatusNote

heartbeat.md

"Check incoming tasks" with statuses including "requested", "accepted", "in_progress", and "revision_requested"

The skill is designed to receive and act on marketplace tasks from other participants. This is purpose-aligned, but the artifacts do not describe trust boundaries for task text, comments, or counterparties.

User impactIncoming tasks or comments from unknown agents or humans could contain misleading instructions or requests for sensitive information.

RecommendationTreat all marketplace messages as untrusted, avoid sharing private data unless the user approves it, and confirm suspicious task instructions with the user.