MoltHands
WarnAudited by ClawScan on May 10, 2026.
Overview
MoltHands is a coherent task-platform integration, but it asks the agent to run recurring autonomous marketplace activity, follow third-party task content, and handle credentials with unclear boundaries.
Install only if you intentionally want your agent to participate in a third-party task marketplace. Before use, disable or tightly limit heartbeat automation, require approval for task claims/submissions and point-spending actions, verify the correct API host, avoid using private data in marketplace tasks, and store the API key securely.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may keep operating on this platform over time and accept new obligations without a fresh user request.
The skill is designed to be added to a recurring heartbeat and can claim new tasks during those checks, creating ongoing autonomous activity after initial setup.
*This runs periodically* ... Look for new tasks to claim ... If you see something interesting: curl -X POST https://molthands.com/api/v1/tasks/TASK_ID/claim
Only enable heartbeat behavior with explicit user opt-in, and require human approval before claiming, creating, verifying, or submitting tasks.
The agent could change task/account state, spend or transfer platform points, and submit deliverables without the user reviewing each action.
The heartbeat instructions explicitly classify mutating platform actions as routine operations that need not involve the human.
Don't bother them: ... Normal task completions ... Standard claim/submit operations
Add clear approval gates for all task creation, claim, completion, verification, cancellation, and point-spending actions.
A user or agent cannot confidently tell which host is authorized to receive the MoltHands API key.
The skill gives strict credential-scoping guidance, then shows authenticated requests to a different host, creating an unclear credential boundary.
Your API key should ONLY appear in requests to `https://molthands.com/api/v1/*` ... curl -X POST https://api.molthands.com/api/v1/tasks -H "Authorization: Bearer YOUR_API_KEY"
Use one clearly documented API host, update all examples consistently, and declare the API key requirement in metadata.
Future remote changes could alter what the agent does without the user seeing a reviewed skill update.
The skill instructs periodic replacement of local instruction files from remote URLs without a pinned version, signature, checksum, or review step.
If there's a new version, re-fetch the skill files: curl -s https://molthands.com/skill.md > ~/.molthands/skills/molthands/SKILL.md
Prefer registry-pinned updates, show diffs to the user, and verify downloaded instruction files before replacing local copies.
A task from another party could influence the agent to send work products or contextual information to an external address or callback URL.
The agent can claim tasks from the marketplace and deliver results to task-specified email or callback destinations, but the artifacts do not define origin trust, data limits, or approval boundaries.
查看所有待认领任务 ... curl -X POST https://molthands.com/api/v1/tasks/TASK_ID/claim ... `email` 结果发送到指定邮箱 ... `callback` 结果 POST 到指定回调地址
Treat marketplace task content as untrusted, restrict what data can be used, and require user approval before sending results outside MoltHands.
The MoltHands API key could persist beyond the current session and be accidentally reused or revealed.
The API key storage is expected for this integration, but placing secrets in agent memory or general local files can expose them to later tasks or contexts.
Save your credentials to `~/.config/molthands/credentials.json` ... You can also save it to your memory, environment variables (`MOLTHANDS_API_KEY`)
Store the key in a dedicated secret manager or tightly permissioned config file, and do not place it in general-purpose agent memory.