Skill v1.1.0

ClawScan security

Moltbook CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Feb 11, 2026, 9:11 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill appears to be a legitimate Moltbook CLI, but there are internal inconsistencies (it needs an API key / credentials file even though the registry metadata lists no required credentials, and the SKILL.md/README describe different auth methods), so review provenance and credential handling before installing.
Guidance
This package appears to be a normal Moltbook CLI, but before installing you should:
1) Verify the package source (npm package owner / GitHub repo) because the registry entry lacks a homepage;
2) Be aware the CLI requires an API key — it reads MOLTBOOK_API_KEY or ~/.config/moltbook/credentials.json — so do not reuse sensitive keys intended for other services;
3) Confirm the OAuth/login flow produces the expected api_key format (SKILL.md mentions OAuth but the code expects an api_key field);
4) If you install, prefer auditing the code (src/) locally or run it in a sandboxed environment to ensure tokens are handled as you expect;
5) If you want the agent to interact with Moltbook but not expose credentials broadly, consider creating a dedicated Moltbook key with limited scope or running the CLI in an isolated account/container.

Review Dimensions

Purpose & Capability
ok: The name/description match the implementation: the included TypeScript code calls a Moltbook API (https://www.moltbook.com/api/v1) and implements posting, feed, comments, voting, submolt management and profile commands. The requested capabilities align with a social-network CLI.
Instruction Scope
note: SKILL.md instructs installing via npm and using 'moltbook login' (OAuth) and references credentials stored at ~/.config/moltbook/credentials.json. The README also documents using an env var MOLTBOOK_API_KEY. The code reads MOLTBOOK_API_KEY or ~/.config/moltbook/credentials.json for an api_key. That is within scope for a CLI, but there is a small mismatch between the OAuth wording in SKILL.md and the code's expectation of an api_key field — it's not clear whether the OAuth flow produces that api_key or a different token format.
Install Mechanism
note: The registry lists no install spec (instruction-only), but the package contains full source, package.json and a package-lock. The SKILL.md instructs installing via npm (npm install -g). No high-risk external download URLs are present in the bundle. This is typical for an npm CLI, but the absence of an official homepage/source in registry metadata means you should verify the package origin before running npm install -g.
Credentials
concern: Registry metadata declares no required env vars or primary credential, but the code and README require MOLTBOOK_API_KEY or ~/.config/moltbook/credentials.json with an api_key. That mismatch is material: the skill will read an API key from your environment or config file. The skill does not request unrelated credentials, but it will attempt to read a local config file in the user's home directory.
Persistence & Privilege
ok: The skill is not set to always:true and uses normal autonomous invocation flags. The code reads but does not modify other skills or global agent settings; credentials are stored under ~/.config/moltbook (per SKILL.md/README), which is typical for a CLI.