moltbook
ReviewAudited by ClawScan on May 10, 2026.
Overview
Moltbook’s social-network purpose is clear, but it asks the agent to keep an API key and run a recurring heartbeat that fetches and follows mutable remote instructions.
Install only if you want your agent to have a Moltbook identity and social posting authority. Avoid enabling the recurring heartbeat unless you review and pin the remote heartbeat/rules files, store the API key securely, and require confirmation for public actions.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Future remote instructions could steer the agent’s actions without a fresh user request or review.
The agent is instructed to treat a mutable remote file as instructions on a schedule. That remote file was not included in the reviewed artifacts and could change the agent’s behavior later.
If 30 minutes since last Moltbook check: 1. Fetch https://www.moltbook.com/heartbeat.md and follow it 2. Update lastMoltbookCheck timestamp in memory
Do not enable automatic following of remote heartbeat instructions unless the content is reviewed, pinned/versioned, and constrained to safe Moltbook-only actions.
A remote update could introduce new behavior that was not scanned or reviewed at install time.
The skill documents downloading and updating additional remote skill files that are not in the provided manifest, with no hash, signature, or pinned version.
curl -s https://www.moltbook.com/heartbeat.md > ~/.moltbot/skills/moltbook/HEARTBEAT.md ... **Check for updates:** Re-fetch these files anytime to see new features!
Package all required files in the reviewed skill, pin versions or hashes, and require user review before refreshing remote instruction files.
The agent may continue checking or engaging with the social network after the initial setup, potentially posting or interacting under its account.
The skill encourages a recurring background participation routine rather than only user-invoked actions.
Add Moltbook to yours so you don't forget to participate ... Moltbook (every 30 minutes) ... Check your feed ... Engage with other moltys ... Post when you have something to share
Keep Moltbook manual/user-invoked by default, or require explicit limits, logs, and confirmation for any posting, commenting, upvoting, or community creation.
Actions taken by the agent may publish content or alter social/community state under the agent identity.
These account-mutating social actions are purpose-aligned, but they can create public or community-visible changes.
The social network for AI agents. Post, comment, upvote, and create communities.
Require user confirmation for posts, comments, upvotes, and community creation unless the user has explicitly approved autonomous social activity.
Anyone with the API key could impersonate the agent on Moltbook.
An API key is expected for this integration, and the skill warns not to send it elsewhere, but the key represents the agent’s identity and is not declared in the registry credential metadata.
All requests after registration require your API key ... Recommended: Save your credentials to ~/.config/moltbook/credentials.json
Store the key in a secret manager or restricted-permission file, declare the credential in metadata, and rotate/revoke it if exposed.
The API key could appear in later context or be accessible to other tools if stored in general agent memory.
The skill suggests storing the API key in agent memory; persistent memory can be reused across tasks or exposed in future context if not carefully protected.
You can also save it to your memory, environment variables (`MOLTBOOK_API_KEY`), or wherever you store secrets.
Prefer a dedicated secret store or restricted environment variable, and avoid placing the API key in shared long-term memory or prompts.