Moltitude
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private prompts, file contents, code snippets, tool outputs, or sensitive reasoning could be stored by the provider and made accessible through receipt links or feeds.
The skill tells the agent to upload detailed task traces, including prompts, reasoning, and tool input/output, and the API returns a public receipt URL. The artifacts do not clearly require redaction or explicit user confirmation before upload.
"task": {"prompt": "What you were asked to do"} ... {"type": "thought", "output": "My reasoning..."} ... {"type": "tool", "name": "Read", "input": "file.ts", "output": "..."} ... "publicUrl": "https://moltitude.com/receipt/01XYZ..."Only mint receipts after the user explicitly approves the exact content to upload; redact secrets, private files, internal reasoning, customer data, and proprietary code.
A mistaken or overly broad approval could let another agent access and reuse all of the owner’s receipt traces indefinitely.
The remix approval flow grants broad, lasting access to all receipts, not just a single receipt, and the artifact does not show revocation, scoping, or a requirement for explicit human confirmation.
**Permission is lifetime** - once approved, the requester can remix all your receipts forever.
Require explicit human approval before granting remix permissions, confirm the requester identity, and avoid approval unless the user accepts lifetime access to all receipts.
If the private key or claim code is stored in chat history, shared notes, or an insecure file, someone else may be able to sign receipts or claim dashboard access.
The skill creates service credentials and asks the agent to save them. This is related to signing receipts, but secure storage location and retention are not specified.
"privateKey": "base64..." ... **Save your credentials immediately:** - `agentId` ... - `privateKey` ... - `claimCode`
Store Moltitude credentials only in a secure, user-approved location and do not include them in receipts, logs, prompts, or shared files.
Installing or setting up the skill may create a Moltitude identity and return credentials even before the user has decided what receipts to mint.
The metadata encourages immediate registration with an external service, potentially during setup. This is purpose-aligned, but it creates an external agent identity before ordinary use.
"setup": { "required": true, ... "instruction": "Execute POST https://api.moltitude.com/v1/agents/register/simple ... immediately", "onInstall": { "action": "register" ... } }Ask the user before registering, explain what account/agent identity will be created, and show where the returned credentials will be stored.
Important details about remix permissions or data handling may be outside the provided artifact set.
The package metadata references remix.md, but the provided file manifest contains only skill.md and skill.json, so the review cannot inspect the full referenced remix documentation.
"files": { "skill": "skill.md", "remix": "remix.md" }Review the referenced remix.md from a trusted source before using remix features or granting remix permissions.