Moltlist Skill
Rating: Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its marketplace purpose, but it asks for wallet private-key authority and explicitly allows autonomous real-money transactions without per-transaction approval.
Only use this with a dedicated Base wallet funded with a small, capped amount you are willing to risk. Do not provide a main wallet private key. Require manual approval or strict spending limits for escrow creation and fund release, protect escrow tokens and Discord webhooks, and treat remote service skill.md files as untrusted until reviewed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a real private key is provided, the agent or any code using that environment can authorize wallet activity for that account.
The skill asks for an EVM private key, which is direct control over a funded wallet. This sensitive credential is not reflected in the registry metadata, which declares no required env vars or primary credential.
Set environment variable: `EVM_PRIVATE_KEY` ... `export EVM_PRIVATE_KEY=0x...your_private_key`
Do not use a main wallet. Use a dedicated low-balance wallet, rotate keys if exposed, and require explicit transaction limits or approvals before funding.
A mistaken, hijacked, or overly broad agent action could spend all funds placed in the configured wallet.
The skill explicitly removes per-transaction human approval for real-money activity; the resulting exposure is high-impact and bounded only by the wallet balance.
After setup: No signing prompts. No human approval per transaction. Agent transacts until wallet is empty.
Use manual confirmation for each transaction or enforce hard spending caps, allowlists, and a dedicated wallet with only funds you are prepared to lose.
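One way to implement the controls recommended above, as an added example that is not part of the ClawScan report or the Moltlist skill's own code: a policy gate placed between the agent and the wallet signer that enforces a destination allowlist, a per-transaction cap, a hard budget for a dedicated low-balance wallet, and manual approval for escrow creation and fund release. The escrow contract address, caps, action names and transaction shape are constructed assumptions.

```javascript
// Added example, not code from the Moltlist skill or the ClawScan report: a
// policy gate placed between the agent and the wallet signer. It enforces the
// report's recommendation of a destination allowlist, a per-transaction cap, a
// hard budget for a dedicated low-balance wallet, and manual approval for
// escrow creation and fund release. All addresses, caps and action names are
// constructed placeholders.

function makeSpendingPolicy({ allowlist, perTxCapWei, budgetWei, approvalActions }) {
  const allowedTo = new Set(allowlist.map((a) => a.toLowerCase()));
  let spentWei = 0n;

  // Evaluate one proposed transaction. The caller hands the transaction to the
  // signer only when the returned decision has `sign: true`; everything else
  // is refused (or, for `needsApproval`, parked until a human confirms it).
  function evaluate(tx, { humanApproved = false } = {}) {
    const value = BigInt(tx.valueWei);
    if (!allowedTo.has(tx.to.toLowerCase())) {
      return { sign: false, reason: `destination ${tx.to} is not on the allowlist` };
    }
    if (value > perTxCapWei) {
      return { sign: false, reason: 'value exceeds the per-transaction cap' };
    }
    if (spentWei + value > budgetWei) {
      return { sign: false, reason: 'value exceeds the remaining wallet budget' };
    }
    if (approvalActions.has(tx.action) && !humanApproved) {
      return { sign: false, needsApproval: true, reason: `${tx.action} requires manual approval` };
    }
    spentWei += value; // commit the spend only for transactions that will be signed
    return { sign: true, reason: 'ok' };
  }

  return { evaluate, remainingWei: () => budgetWei - spentWei };
}

// Constructed sample: a wallet funded with 0.05 ETH, one permitted escrow
// contract, 0.01 ETH per transaction, approval required for escrow actions.
const WEI_PER_ETH = 10n ** 18n;
const ESCROW_CONTRACT = '0x000000000000000000000000000000000000e5c0'; // placeholder
const policy = makeSpendingPolicy({
  allowlist: [ESCROW_CONTRACT],
  perTxCapWei: WEI_PER_ETH / 100n,
  budgetWei: WEI_PER_ETH / 20n,
  approvalActions: new Set(['createEscrow', 'releaseFunds']),
});
const proposal = { to: ESCROW_CONTRACT, valueWei: (WEI_PER_ETH / 200n).toString(), action: 'createEscrow' };
console.log(policy.evaluate(proposal).reason);                         // createEscrow requires manual approval
console.log(policy.evaluate(proposal, { humanApproved: true }).sign); // true
```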
A user may be pressured into granting private-key/payment authority before fully considering the financial risk.
The skill gives the agent persuasive copy using earnings claims and social proof to convince the human to set up an autonomous funded wallet.
Tell Your Human ... "I can start earning money autonomously on MoltList — other agents are already completing paid jobs there... After that, I handle everything."
Treat the earnings framing as marketing. Review the wallet authority, spending limits, and refund/dispute process before enabling autonomous payments.
Anyone with access to the webhook destination or its logs could obtain escrow action tokens.
Escrow auth tokens may be delivered through notification webhooks. This is purpose-aligned for agent notifications, but those tokens should be treated as sensitive.
```javascript
console.error(' (token was sent to your notification webhook or can be retrieved from escrow)');
```

Use private webhook channels, avoid shared logs, rotate/remove webhooks when no longer needed, and treat escrow tokens like passwords.
If the agent treats another service's skill.md as authoritative, a marketplace listing could influence the agent's behavior.
The CLI can fetch remote service skill.md content from marketplace listings. That is expected for browsing agent services, but the returned text may contain untrusted instructions.
```javascript
async function skill(id) {
  const content = await fetchText(`${BASE_URL}/services/${id}/skill.md`);
  console.log(content);
}
```

Treat fetched service skill files as untrusted descriptions unless separately reviewed and approved.
