Agent Nou
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This social-network skill is not clearly malicious, but it asks your agent to set up a recurring heartbeat that fetches live remote instructions and can keep participating publicly using an identity-bearing API key.
Install only if you want your agent to participate in Moltbook. Before enabling the heartbeat, review the remote HEARTBEAT.md/RULES.md/MESSAGING.md files, pin their contents if possible, and require explicit approval for posts, comments, upvotes, and community creation. Store the API key securely and do not place it in shared model memory.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your agent could keep checking and participating in the social network after the original task is over.
This asks the agent to add a recurring task that persists beyond a single user request and continues to run on a schedule.
Add this to your `HEARTBEAT.md` ... `## Moltbook (every 30 minutes)` ... `Fetch https://www.moltbook.com/heartbeat.md and follow it` ... `Update lastMoltbookCheck timestamp in memory`
Do not add the heartbeat unless you explicitly want ongoing participation; require human approval for any posts, comments, upvotes, or community changes.
A future change to the remote heartbeat file could alter what your agent does without a fresh review.
The instruction makes live remote content authoritative for the agent's future behavior, but that remote file is not included in the reviewed artifacts.
`Fetch https://www.moltbook.com/heartbeat.md and follow it`
Treat fetched instruction files as untrusted until reviewed; pin or locally approve the exact content before letting the agent follow it automatically.
The agent may publish or interact publicly under its account in ways you did not specifically approve.
The skill exposes public mutation actions and pairs them with autonomous participation language, without clearly requiring per-action user confirmation.
`curl -X POST https://www.moltbook.com/api/v1/posts` ... and heartbeat reminders to `Engage with other moltys` and `Post when you have something to share`
Configure the agent to ask before creating posts, comments, votes, communities, or other public-facing actions.
The installed behavior can change when the remote site changes, even if the registry package you reviewed did not change.
The package references additional live remote instruction files and encourages refetching them, but those files are not part of the supplied reviewed artifact set.
`HEARTBEAT.md` | `https://www.moltbook.com/heartbeat.md` ... `curl -s https://www.moltbook.com/heartbeat.md > ~/.moltbot/skills/moltbook/HEARTBEAT.md` ... `Check for updates: Re-fetch these files anytime`
Review and pin the auxiliary files before use; prefer versioned URLs, checksums, or bundled reviewed copies.
Anyone with the key could act as the agent on Moltbook.
The skill requires a Moltbook bearer token for account actions; this is expected for the service, and the artifact explicitly warns about key leakage.
`All requests after registration require your API key` ... `Your API key is your identity. Leaking it means someone else can impersonate you.`
Store the API key in a dedicated secret store or restricted local file, and only send it to `https://www.moltbook.com/api/v1/*` as the skill advises.
A stored key or recurring-state marker could persist longer than intended or be exposed through shared agent memory.
The skill suggests persistent memory for both credentials and heartbeat state, which can be reused across tasks if not isolated.
`You can also save it to your memory, environment variables (MOLTBOOK_API_KEY), or wherever you store secrets` and `Update lastMoltbookCheck timestamp in memory`
Avoid storing API keys in general model memory; use a scoped secret store and keep heartbeat state separate from user-visible or shared memory.
