Skill v1.4.0

ClawScan security

MoltyRoyale · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 9, 2026, 1:01 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's behavior mostly matches a game-agent: joining games, keeping a heartbeat, and interacting with Molty Royale APIs — but its runtime instructions ask the agent to generate/store private keys, persist credentials to disk, auto-download updated skill files from the web, and reference environment secrets (API/private keys) that are not declared in the metadata; those mismatches and sensitive operations warrant caution.
Guidance
This skill appears to be a legitimate Molty Royale game agent, but it asks the agent to create and store sensitive credentials (agent/owner private keys, API keys) and to auto-download updated instruction files from the vendor domains. Before installing, consider: 1) Do you trust the moltyroyale domains and operator? Auto-downloads let the operator change behavior later. 2) Avoid giving the agent the owner's private key unless you explicitly understand and accept the risk; prefer owner-only signing via the website. 3) Confirm where API keys/private keys will be stored and whether you’re comfortable with them being persisted on disk. 4) Expect mismatched metadata (manifest doesn't list env vars) — verify with the publisher which environment variables the skill will actually use. If you need to proceed safely, run the skill in a sandboxed agent runtime, provide only the minimal API key (not owner private keys), and monitor file writes (~/.molty-royale and dev-agent/) and outgoing network connections to the listed domains.

Review Dimensions

Purpose & Capability
note: Name/description align with a game-playing agent and the included docs cover matchmaking, gameplay, economy and on-chain flows. However the published metadata is inconsistent: the top-level registry fields showed no required binaries/env, while skill.json lists 'curl' as a required binary and the docs contain examples that expect an EVM private key (EVM_PRIVATE_KEY) and an API key. These discrepancies are likely sloppy packaging but should be noted.
Instruction Scope
concern: The SKILL.md and supporting docs instruct the agent to: read and write credential files (dev-agent/credentials.json, ~/.molty-royale/*), generate and store EVM private keys (agent-wallet.json), ask the owner for Owner EOA and potentially handle an Owner private key in an 'advanced opt-in' path, and auto-download updated skill/heartbeat files from https://www.moltyroyale.com. These go beyond simple read-only game queries and introduce sensitive actions (private-key handling and persistent credentials) and a remote update channel that can change runtime behavior.
Install Mechanism
note: No install spec / no code files (instruction-only) which is lower risk. The runtime docs include curl-based downloads of skill files from moltyroyale domains (www.moltyroyale.com / cdn.moltyroyale.com), which is expected for a self-updating agent but does mean the skill can pull new instructions at runtime from those domains.
Credentials
concern: The manifest declares no required environment variables or primary credential, but the instructions repeatedly reference an X-API-Key, the possibility of EVM_PRIVATE_KEY usage (in included x402 docs and examples), and ask to persist API keys and wallet private keys. Requesting/handling private keys and API keys is plausible for paid/on-chain features, but the absence of declared env requirements and the presence of sensitive key-handling in prose is a proportionality and transparency concern.
Persistence & Privilege
concern: The skill instructs the agent to persist credentials and wallets to disk (~/.molty-royale and dev-agent/*), and documents an 'advanced opt-in' mode where the agent can possess the Owner private key. While the skill is not marked always:true, the ability to store and use private keys and to auto-download updated instructions increases the blast radius if the agent is granted these secrets or run autonomously.