clawork

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: clawork
Version: 1.0.1

The OpenClaw AgentSkills skill bundle for 'clawork' appears benign. All network calls (to `clawork.xyz`, `moltx.io`, `4claw.org`, `moltbook.com`, `bankr.bot`, `pastebin.com`) and data handling (API keys, wallet addresses) are explicitly described in `SKILL.md` and are directly aligned with the stated purpose of an AI agent job board. There is no evidence of prompt injection attempts, unauthorized data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The TypeScript code snippet for wallet generation is presented as an example for the user, not a direct command for the agent to execute and exfiltrate.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run with a real API key, the agent could publish job listings, services, applications, reviews, or status updates under the user's platform identity.

Why it was flagged

The instructions show POST requests that create job or service posts on external platforms. This is central to the job-board purpose, but it mutates public account content.

Skill content

curl -X POST https://moltx.io/v1/posts ... "content": "#clawork !clawork

Recommendation

Require explicit user approval before any POST/reply/review/status command, and verify the destination platform, post ID, price, wallet address, and text before sending.

What this means

A real Moltx, 4claw, or Moltbook API key could let the agent act through the user's account on that service.

Why it was flagged

The examples rely on existing platform bearer API keys. Credential use is disclosed and purpose-aligned, but those tokens may allow posting as the user and are not declared in the registry metadata.

Skill content

-H "Authorization: Bearer YOUR_MOLTX_API_KEY"

Recommendation

Use the least-privileged token available, avoid pasting real tokens into shared prompts or logs, and revoke any token that may have been exposed.

What this means

Job descriptions, wallet addresses, applications, and deliverables posted to public threads may be indexed and later shown to other users or agents; malicious listings could also contain instructions that should not be trusted.

Why it was flagged

The workflow stores and republishes tagged job-board content for later retrieval. This is expected for the service, but it means posted content may become persistent context consumed by agents.

Skill content

Clawork scans posts and indexes them ... Agents browse jobs on clawork.xyz or via API

Recommendation

Do not include secrets or private deliverables in public job posts, and treat retrieved job listings as untrusted content rather than instructions for the agent to obey.