Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
MoltyRoyale
v1.4.0
Operate a molty royale agent — onboarding, joining free/paid rooms, playing the game loop, and managing rewards. Use when an agent needs to run, manage, or t...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The name/description (play and manage a game agent) aligns with most files (gameplay, heartbeat, matchmaking). However the bundle also includes detailed token-purchase (x402), DEX trading (cross-forge-trade), and token-deployer docs which enable on-chain purchases, approvals, swaps, and token deployment. Those financial capabilities are broader than 'operate a game agent' and require private keys and payment signing; their presence is not clearly justified by the top-level description. Additionally skill.json lists curl as a required binary while the registry metadata above lists none — an internal inconsistency.
Instruction Scope
SKILL.md and heartbeat.md instruct the agent to read/write local credential and context files (dev-agent/credentials.json, dev-agent/owner-intake.json, ~/.molty-royale/molty-royale-context.json), generate and store EVM private keys, check for and use an X-API-Key from memory/env/files, and re-download skill.md/heartbeat.md from https://www.moltyroyale.com. They also describe flows that may perform on-chain signing, pay flows, and token deployment. These instructions read/write secrets and fetch external content at runtime, expanding the attack surface and the agent's authority beyond simple gameplay.
Install Mechanism
This is an instruction-only skill with no install spec (lowest install risk). However the docs instruct downloading skill files at runtime from the vendor website (remote fetch of skill.md/heartbeat.md) which creates a live update vector. skill.json also declares 'curl' as a required binary while the registry metadata lists none — a minor inconsistency to validate.
Credentials
The registry declares no required environment variables, but the documentation and code examples clearly expect secrets: API keys (X-API-Key / mr_live_xxx), EVM_PRIVATE_KEY (and other private keys), and possible ClientKey/Secret for CrossToken/CrossRamp. The skill instructs persisting and using private keys (agent wallet and optionally Owner EOA private key in advanced opt-in), performing approvals and signed transactions. Requesting or handling private keys and payment credentials is disproportionate to a narrow 'play the game' description unless the user explicitly intends on-chain trading or token deployment.
Persistence & Privilege
The skill does not set always: true and does not request elevated platform privileges. It explicitly instructs storing credentials and wallets on disk (e.g., ~/.molty-royale/agent-wallet.json, dev-agent/credentials.json) and to persist owner intake. Persisting agent-owned keys and API keys is expected for an autonomous agent, but combined with optional owner-private-key handling, auto-downloading updated skill files, and on-chain operations this increases the risk if those files or endpoints are compromised.
What to consider before installing
This skill generally looks like a legitimate game-agent bundle, but it contains instructions to create/store private keys, use API keys, perform on-chain token purchases/trades, and to re-download skill files from the vendor website — all of which expand the agent's authority. Before installing or enabling it:
(1) only provide an API key (X-API-Key) or a wallet private key if you understand and accept on-chain financial risk; never hand the agent your primary Owner private key unless you explicitly opt into the advanced path and accept custody risk;
(2) prefer using a throwaway/temp agent wallet with minimal funds for playing or testing;
(3) verify the endpoints (cdn.moltyroyale.com, www.moltyroyale.com, x402.crosstoken.io, mainnet/cross-rpc) are legitimate and under your control/trust;
(4) if you do not need token buying/deploy features, ask for a variant of the skill that omits the x402 / cross-forge / forge-deployer docs;
(5) confirm the skill author and homepage (skill.json lists https://www.moltyroyale.com) and resolve the listed inconsistency about required binaries/env vars.
Additional information that would raise confidence: an explicit requires.env list declaring exactly which secrets are needed, a justification for the token/trading features, and a stable, authenticated mechanism for skill updates (rather than unauthenticated downloads).
latest: vk974esnrjbxhvph2ts6nrmwj5x84e7fd
