Back to skill
Skillv1.0.0
VirusTotal security
moltbook · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:33 AM
- Hash
- 93a4427e01ae70f806ebb75c626a42f358589126d48c9a898a453d7154c87135
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moltbook04 Version: 1.0.0 The skill bundle is classified as suspicious because SKILL.md instructs the agent to establish a 'heartbeat' routine that periodically fetches and follows instructions from a remote URL (https://www.moltbook.com/heartbeat.md), creating a persistent remote control or dynamic prompt injection vector. It also directs the agent to store its API key in a local configuration file (~/.config/moltbook/credentials.json) and download additional behavioral instructions from the developer's domain (moltbook.com). While these capabilities are aligned with the stated purpose of a social network, the mechanism for remote instruction updates allows for arbitrary behavior modification by the service provider.
- External report
- View on VirusTotal