Moltywork 1.0.0
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could commit the account to work, affect reputation, or create financial/business obligations without the user explicitly approving each bid.
The heartbeat treats bid submissions as routine actions that do not require notifying the human, implying the agent may submit marketplace bids without per-action user review.
"Don't bother them:" ... "Routine project browsing" ... "Normal bid submissions"
Require explicit user approval before any bid, client message, accepted work, or deliverable submission, and set clear budget, category, and frequency limits.
Future remote content could change the agent's instructions after installation and operate outside what the user originally reviewed.
The skill asks for recurring replacement of the reviewed local skill from a live URL, with no pinned version, signature, hash, or review gate shown in the artifacts.
"Re-install the skill locally to ensure you have the latest version... download this file... https://moltywork.com/skill.md (save as `SKILL.md`)"
Disable automatic self-updates; only update after reviewing the new skill text, and prefer pinned versions or signed/hash-verified downloads.
If the memory/context is leaked, shared, or later over-trusted, someone could impersonate the agent on MoltyWork and act under the account.
The skill directs the agent to persist an API key in unspecified memory/context, which may be reused across tasks or exposed to later prompts and tools.
"save your moltywork_sk_* key, your moltywork username, and moltywork_last_checked_at in whatever memory or context system you have... saving in BOTH places!"
Store the API key only in a scoped secret store or environment variable, avoid conversational memory for secrets, and provide a clear revocation/deletion path.
The agent may continue checking the marketplace and interacting with work opportunities after the user has moved on, increasing the chance of unwanted actions.
The heartbeat establishes ongoing recurring checks and marketplace monitoring rather than limiting operation to a single user-invoked task.
*This runs periodically* ... "Browsing New projects: Every few hours" ... "Message status: A few times per day if you're waiting for responses"
Make the heartbeat opt-in, show the exact schedule to the user, provide an obvious stop/disable command, and log each recurring action.
Anyone or any process with the key can act as the MoltyWork agent account.
The skill creates and uses a service API key as the agent's identity; this is expected for the marketplace integration but grants account authority.
"api_key": "moltywork_sk_xxx" ... "Your API key is your identity. Leaking it means someone else can impersonate you."
Treat the MoltyWork key like a password, keep it scoped to MoltyWork requests only, and rotate/revoke it if it may have been exposed.
