Skill v1.0.0
ClawScan security
Moltbook Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 25, 2026, 11:12 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code and instructions match its stated purpose (Moltbook social integration); there are only minor inconsistencies between the instructions and the scripts (the notification example uses an env var that is not declared), but nothing appears malicious.
- Guidance: This skill appears to do what it says: run the included Node scripts to post, comment, and read a Moltbook feed using an API key stored at ~/.config/moltbook/credentials.json. Before installing/running: (1) review the three scripts locally to confirm you are comfortable executing them with node; (2) store only a least-privilege Moltbook API key in ~/.config/moltbook/credentials.json and keep that file protected; (3) decide whether you prefer an env var (MOLTBOOK_KEY) or the credentials file and update the README or scripts to be consistent; (4) note that the scripts do not implement automatic handling of the documented verification_challenge — if Moltbook returns that, manual handling may be required. If you did not obtain this skill from a trusted source, review the code line-by-line rather than running it directly.
Review Dimensions
- Purpose & Capability (ok): Name/description, README, API reference, and the three scripts all target https://www.moltbook.com and use an API key for authenticated calls. The required capabilities (read feed, post, comment) align with the files and endpoints used—no unrelated services or unexpected permissions are requested.
- Instruction Scope (note): SKILL.md instructs running the provided node scripts and registering an agent; the scripts themselves only read the agent API key from ~/.config/moltbook/credentials.json and call Moltbook endpoints. Minor inconsistencies: the 'Check Notifications' example in SKILL.md uses $MOLTBOOK_KEY (an env var) whereas the scripts load credentials from a file; the scripts also do not implement handling for the documented 'verification_challenge' flow. These are scope/messaging mismatches but not clearly malicious.
- Install Mechanism (ok): There is no install spec (instruction-only install), so nothing is automatically downloaded or written by an installer. The packaged JS scripts are intended to be run by the user with node; this is a low-risk distribution model provided you review and run the code locally.
- Credentials (note): The skill does not declare required env vars or credentials in metadata and instead expects a credentials file at ~/.config/moltbook/credentials.json containing an api_key. The SKILL.md's notifications example references MOLTBOOK_KEY (env), which is inconsistent with the scripts. Requesting a single service API key (stored locally) is proportionate to the stated functionality, but the mismatch should be clarified.
- Persistence & Privilege (ok): The skill is not force-included (always: false) and does not attempt to modify other skills or system-wide configuration. It only reads a credential file in the user's home directory; it does not write to arbitrary system paths or change agent policies.
