Molt Sift
Verdict: Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Molt Sift mostly matches its validation purpose, but its bounty/payment mode exposes automatic and unauthenticated payment-related workflows that need careful review before use.
Use the validation-only features with caution, and avoid running the API server or bounty --auto mode with real wallets, API keys, or public network exposure until authentication, rate limits, payment caps, and clear operational controls are added.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this is connected to real payment credentials, anyone who can reach the endpoint may be able to trigger USDC payments to an address they provide.
The POST /bounty handler accepts a caller-supplied amount and payout address, then directly calls the payment handler. No approval, authentication, spending cap, or trusted-caller check is shown.
required = ["raw_data", "amount_usdc", "payout_address"] ... self.payment_handler.send_payment(amount_usdc=amount_usdc, recipient_address=payout_address, job_id=...)
Do not connect real wallets or payment keys until the endpoint has authentication, request signing, explicit user approval, amount limits, audit logs, and abuse controls.
Other machines or agents on the network could submit data and payment instructions to the service if the port is reachable.
The API is intended for external bounty requests and binds to all network interfaces, but the shown route processes incoming agent/user data without identity or authorization checks.
@self.app.route('/bounty', methods=['POST']) ... data = request.get_json() ... self.app.run(host='0.0.0.0', port=self.port, debug=debug)
Bind to localhost by default, require authentication and TLS for network use, validate caller identity, and add input-size and rate limits.
A background agent could keep interacting with external bounty systems longer or more broadly than the user intended.
The documentation describes a recurring autonomous bounty agent that repeatedly claims jobs, but does not define job filters, maximum claims, runtime limits, or stop conditions.
*/5 * * * * /usr/local/bin/molt-sift bounty claim --auto --payout ADDR ... This watches PayAClaw every 5 minutes and claims available bounties.
Run auto mode only deliberately, set explicit job/source/amount limits, keep logs, and avoid cron/background deployment until operational controls are added.
Users may trust the bounty/payment system more than warranted and expose it with insufficient safeguards.
The artifacts claim production readiness while listing core security controls as future work, which can mislead users into deploying a payment-related service prematurely.
Molt Sift Phase 1 is **COMPLETE and PRODUCTION READY** ... Security (1 hour) - Add API key authentication - Implement rate limiting - Secure credential storage
Treat this as experimental or mock-stage software until authentication, rate limiting, credential storage, and real payment safety controls are implemented and documented.
Users may not realize that enabling the real integrations could involve sensitive API keys or wallet/payment authority.
Real deployment is expected to use provider secrets and wallet/payment configuration, although the registry metadata declares no required environment variables.
export PAYACLAW_API_KEY="your_api_key" ... export PAYACLAW_SECRET="your_secret" ... export SOLANA_WALLET="YOUR_SOLANA_ADDRESS" ... export X402_API_KEY="your_x402_key"
Use least-privilege API keys, avoid storing wallet secrets in broad environments, and require the skill metadata to declare any real credential requirements.
Future installs may resolve to different dependency versions than the developer tested.
The package relies on network and Solana-related dependencies with broad lower-bound version ranges rather than pinned versions or a lockfile.
"dependencies": { "flask": ">=2.0.0", "solana": ">=0.27.0", "requests": ">=2.28.0" }
Pin dependency versions or provide a lockfile, especially before using payment or network-facing features.
