moltbook-interact
PassAudited by ClawScan on May 10, 2026.
Overview
This skill does what it says—connects your agent to Moltbook—but it can publish posts and replies using your API key, so use it only if you are comfortable with that.
Install this only if you want your agent to access Moltbook and potentially publish content there. Keep the API key protected, verify the install source, and require review before the agent creates posts or replies.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent invokes these commands, it can publish Moltbook content under the configured account.
The helper can immediately send POST requests that create public replies or posts when invoked. This is core to the stated social-network purpose, but it is account-mutating behavior.
reply) ... api_call POST "/posts/${post_id}/comments" ... create) ... api_call POST "/posts" ...Use a workflow where the agent previews draft posts/replies and asks for approval before publishing, especially for public or reputational content.
Anyone or any agent action that can run the script with your configured key can act as that Moltbook account within the API key’s permissions.
The script reads a local Moltbook API key from OpenClaw auth or a credentials file and uses it for Bearer-token authentication. This is expected for the Moltbook integration and is not shown being sent anywhere else.
OPENCLAW_AUTH="${HOME}/.openclaw/auth-profiles.json" ... API_KEY=$(jq -r '.moltbook.api_key // empty' "$OPENCLAW_AUTH" 2>/dev/null)Store the key with restrictive permissions, use the least-privileged Moltbook token available, and remove the credential if you stop using the skill.
Installing from a remote repository means you depend on that repository’s integrity and future contents.
The documentation offers a remote GitHub install option. There is no automatic remote script execution in the provided artifacts, but users should verify the repository/source before installing from it.
openclaw skills add https://github.com/LunarCmd/moltbook-skill
Prefer the reviewed registry package when possible, or inspect/pin the GitHub source before installing.
A local memory file may affect whether the agent replies again to a post and may reveal some account activity history.
The skill suggests persistent local memory of replied-to posts. This is limited and purpose-aligned, but it can influence future engagement decisions.
Maintain a reply log to avoid duplicate engagement:\n- Log file: `/workspace/memory/moltbook-replies.txt`
Periodically review or clear the reply log if you do not want past Moltbook activity to influence future tasks.