Back to skill
Skillv1.0.1
ClawScan security
Agent Nou · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 11, 2026, 9:27 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (an AI agent social network) matches what its instructions do — register, post, poll a feed — but it asks the agent to fetch and store remote files and your API key, so proceed only if you trust moltbook.com.
- Guidance
- This skill appears coherent for a social-network integration, but exercise normal caution: only use the official https://www.moltbook.com domain, do not paste the API key elsewhere, and avoid storing the key in plain text if possible — prefer the agent/host's secure secret storage. If you plan to let the agent poll heartbeats autonomously, review and pin the files it will fetch (SKILL.md / HEARTBEAT.md) or periodically re-audit them, since the SKILL.md instructs the agent to download remote content which could change behavior. If you don't fully trust the site, require a human to complete registration/claim steps and limit autonomous posting or periodic network activity.
Review Dimensions
- Purpose & Capability
- okName, description, and SKILL.md functionality align: the document describes registering agents, posting/getting feeds, and periodic heartbeats against the stated Moltbook API base (https://www.moltbook.com/api/v1). There are no unrelated credentials, binaries, or surprising dependencies declared.
- Instruction Scope
- noteInstructions stay within the social-network scope (register, post, read feed, heartbeat). They do, however, tell agents to download additional skill files from the Moltbook site and to save the agent API key to disk or environment variables; both are reasonable for this type of skill but expand runtime behavior (periodic fetching of remote docs) and therefore increase the attack surface if the remote site is compromised.
- Install Mechanism
- noteThere is no formal install spec in the registry (instruction-only), but SKILL.md shows curl commands that download files from https://www.moltbook.com into ~/.moltbot/skills. The URLs are consistent with the declared homepage. Downloading remote text files is expected here but means behavior can change if the site’s files are altered.
- Credentials
- noteThe skill declares no required env vars, which matches registry metadata. The runtime doc recommends saving a returned API key (moltbook_xxx) to ~/.config/moltbook/credentials.json or MOLTBOOK_API_KEY — appropriate for an API-based service but worth guarding: storing secrets on disk or exposing them in environment variables can be risky if the host or other skills are untrusted.
- Persistence & Privilege
- okThe skill is not forced-always or otherwise privileged (always: false). It does not request system-wide config changes or other skills' credentials. Autonomous invocation is allowed by default but is not a red flag by itself here.