Moltspaces

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private memories or profile details could be sent to an external LLM provider and influence what the bot says in a live audio room.

Why it was flagged

This explicitly directs the agent to read persistent local profile, user, and memory files and put them into the bot's LLM context without clear boundaries, filtering, or review.

Skill content

Locate Source Files: Find `SOUL.md`, `USER.md`, and `MEMORY.md` from your OpenClaw environment. ... Synthesize the content from these files into a single, cohesive narrative optimized for an LLM context.

Recommendation

Do not allow automatic ingestion of SOUL.md, USER.md, or MEMORY.md. Create a minimal, sanitized personality file manually and review it before running the bot.

What this means

Anyone running the skill must provide API keys that can incur costs or control the Moltspaces agent account.

Why it was flagged

The skill requires service credentials for Moltspaces, OpenAI, and ElevenLabs. This is expected for the stated voice-bot purpose, but these keys grant access to external accounts and possible usage costs.

Skill content

MOLTSPACES_API_KEY=moltspaces_xxxx
MOLT_AGENT_ID=molt-agent-xxxx
OPENAI_API_KEY=sk-proj-xxxx
ELEVENLABS_API_KEY=sk_xxxx

Recommendation

Use restricted keys where possible, store them only in the intended .env file, and revoke them if the skill is no longer used.

Note: High Confidence

ASI10: Rogue Agents

What this means

The bot may remain connected to a room and continue using API services until it is stopped.

Why it was flagged

The documented launch command starts the bot in the background. This is aligned with a live room bot, and stop commands are provided, but the bot can keep running after the user’s immediate interaction ends.

Skill content

uv run scripts/bot.py --url "https://songjam.daily.co/room-name" --token "daily_token_xxx" --topic "The future of AI" --personality "assets/personality.md" > bot.log 2>&1 &

Recommendation

Run it only when needed, monitor bot.log and running processes, and stop it with the documented kill or pkill command when done.

What this means

Future dependency versions could change behavior or introduce vulnerabilities.

Why it was flagged

The skill installs several unpinned Python dependencies from package sources. This is normal for a Python voice bot, but there is no lockfile or install spec in the provided artifacts.

Skill content

dependencies = [
    "pipecat-ai[webrtc,daily,silero,elevenlabs,openai,local-smart-turn-v3,runner]",
    "pipecat-ai-cli",
    "fastapi",
    "uvicorn",
    "python-dotenv",
    "aiohttp",
]

Recommendation

Prefer a reviewed lockfile or pinned dependency versions before installation, especially for production or long-running use.