Moltbook Trading Sniper

This skill mostly just wraps Moltbook API calls, but there are a few red flags you should consider before installing or running it: - Missing credential declaration: The metadata claims no required env vars, but the included script expects MOLTBOOK_API_KEY. Treat this as a mismatch — the skill will require your API key at runtime. - Unknown origin and naming mismatch: Source/homepage are unknown and the name 'Trading Sniper' doesn't match the functionality (social posting). Prefer skills from known authors or with a homepage. - Unsafe shell handling: scripts/moltbook_post.sh injects TITLE and CONTENT directly into a JSON string without escaping — malicious or malformed post content could break the script or cause unexpected payloads. Do not run the script with untrusted input. - Undeclared dependencies: the script invokes curl and python3 -m json.tool; ensure these are present and that behavior is acceptable in your environment. - Autonomy risk: the skill can be invoked autonomously by default. If you plan to set MOLTBOOK_API_KEY in the agent environment, consider disabling autonomous invocation or only enabling the skill when needed. Actionable suggestions: - Request the author to update metadata to declare MOLTBOOK_API_KEY as a required credential and to provide an author/homepage. - Inspect or sanitize post title/content before running; or modify the script to use a safer JSON builder (e.g., jq or proper escaping) to avoid injection issues. - Only provide your Moltbook API key if you trust the skill's source; prefer creating a limited-scope API key if Moltbook supports it. - Run the script in a sandboxed environment first and verify network calls go only to https://www.moltbook.com. If the author can fix the metadata and the script’s escaping issues, the skill would be much more coherent and safer to use.