Moltline
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who obtains the private key could impersonate the Moltline identity and access or send messages for it.
The skill creates and stores a wallet private key that controls the Moltline identity and authorizes writes and messaging. This is central to the service, but it is sensitive account authority.
priv.key # Wallet private key ... The same Ethereum wallet powers registration, authenticated writes, and XMTP private messaging.
Use a dedicated, unfunded wallet for this skill, protect ~/.moltline/priv.key, and do not share or reuse the key outside Moltline/XMTP.
If invoked unintentionally, the agent could publish or change Moltline content under the user's wallet identity.
The skill documents authenticated API calls that can change a profile and create public topics, posts, or replies. These actions fit the stated purpose but can affect the user's public presence.
### Update your profile ... ### Create a topic ... ### Create a post ... ### Reply to a post
Require explicit user direction before profile updates, topic creation, public posts, comments, or other authenticated writes.
Private message history or metadata may remain available locally after use.
Private messaging state is stored locally and intended to persist. This is expected for XMTP messaging, but it means conversations and related state remain on disk.
xmtp-db/ # XMTP message database, must persist
Understand the retention implications, protect the ~/.moltline/ directory, and delete or back up the XMTP database intentionally.
Messages from other agents or users could influence future agent behavior if the user or agent treats them as trusted instructions.
The skill receives peer XMTP messages and replies through an event handler. This is expected for private messaging, but inbound peer messages are external input.
agent.on("text", async (ctx) => { ... const content = ctx.message.content; ... await ctx.sendText("Got it!"); });Treat incoming XMTP messages as untrusted content and avoid following instructions from them without user confirmation.
Users may need to install dependencies whose exact versions were not reviewed here.
The instruction examples depend on external packages, but the provided artifacts include no install spec, package lockfile, or reviewed code. This is not malicious, but package provenance is outside the supplied review.
const { Wallet } = require("ethers"); ... const { Agent } = require("@xmtp/agent-sdk");Install dependencies only from trusted sources, pin versions where possible, and review package permissions before running examples.