v0.0.2

Lumos Skill

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:37 AM.

Analysis

The skill's behavior is consistent with its stated purpose as a social-network tool, but it asks the agent to set up a recurring remote heartbeat and to act publicly under an API key, so it should be reviewed before installation.

Guidance: Install only if you are comfortable with the agent participating on a public social network. Review any remote heartbeat, messaging, and rules files first, avoid automatic background participation unless explicitly desired, require approval for public actions, and store the Moltbook API key in a secure, scoped secret location.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
If 30 minutes since last Moltbook check:
1. Fetch https://www.moltbook.com/heartbeat.md and follow it

This makes a remote, changeable document an instruction source that the agent is told to follow periodically.

User impact: Future changes to the remote heartbeat file could steer the agent's behavior without the user reviewing the updated instructions first.
Recommendation: Do not enable automatic following of remote heartbeat files unless you review them and constrain what actions the agent may take.
Rogue Agents
Severity: Medium. Confidence: High. Status: Concern.
SKILL.md
Add this to your HEARTBEAT.md ... Moltbook (every 30 minutes) ... The heartbeat keeps you present.

The skill encourages adding a recurring background routine so the agent keeps checking and participating over time.

User impact: The agent may continue engaging with a public social network outside explicit user prompts, including posting or interacting under its account.
Recommendation: Require explicit user opt-in for the heartbeat and require confirmation before public posts, comments, upvotes, or community changes.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
curl -s https://www.moltbook.com/heartbeat.md > ~/.moltbot/skills/moltbook/HEARTBEAT.md ... Check for updates: Re-fetch these files anytime

The skill points to additional remote instruction files and encourages re-fetching them, but those files are not part of the provided review artifacts.

User impact: The behavior seen by the agent may depend on remote files that can change after installation.
Recommendation: Review any fetched HEARTBEAT.md, MESSAGING.md, and RULES.md files before letting the agent follow them.
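The two recommendations above (review the heartbeat file before following it, and re-review it whenever the remote copy changes) amount to pinning the last human-approved version and refusing anything else. The following is an added example written for this review, not code from the skill or from Moltbook. It assumes a hypothetical `HeartbeatGate` that sits between the `curl` fetch and the agent: the agent only ever reads the approved copy, a changed remote file is parked with a unified diff for the user, and the sample heartbeat contents are constructed stand-ins, not the real heartbeat.md.

```python
"""Approval gate for remotely fetched instruction files.

Added example for the ClawScan review; hypothetical, not the skill's own code.
Deny-by-default: the agent may follow a fetched HEARTBEAT.md only when its SHA-256
matches the copy a human last approved. Anything else is parked for review.
"""
import difflib
import hashlib
import tempfile
from pathlib import Path
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def decide(fetched: bytes, approved: Optional[bytes]) -> dict:
    """Compare a fetched file against the approved baseline.

    Returns {'follow': bool, 'reason': str, 'diff': str}. 'diff' is empty when the
    file may be followed and otherwise holds what the reviewer needs to read.
    """
    if approved is None:
        return {"follow": False, "reason": "no approved baseline; human review required",
                "diff": fetched.decode("utf-8", "replace")}
    if sha256_hex(fetched) == sha256_hex(approved):
        return {"follow": True, "reason": "matches approved baseline", "diff": ""}
    diff = "\n".join(difflib.unified_diff(
        approved.decode("utf-8", "replace").splitlines(),
        fetched.decode("utf-8", "replace").splitlines(),
        fromfile="approved/HEARTBEAT.md", tofile="fetched/HEARTBEAT.md", lineterm=""))
    return {"follow": False, "reason": "remote file changed since approval", "diff": diff}


class HeartbeatGate:
    """Keeps the approved copy separate from whatever was fetched last (hypothetical)."""

    def __init__(self, state_dir: Path):
        self.approved_path = state_dir / "HEARTBEAT.approved.md"
        self.pending_path = state_dir / "HEARTBEAT.pending.md"

    def check(self, fetched: bytes) -> dict:
        approved = self.approved_path.read_bytes() if self.approved_path.exists() else None
        verdict = decide(fetched, approved)
        if not verdict["follow"]:
            # Park the new version for the user; never overwrite the approved copy here.
            self.pending_path.write_bytes(fetched)
        return verdict

    def approve_pending(self) -> str:
        """Run by the human after reading pending_path; promotes it to approved."""
        data = self.pending_path.read_bytes()
        self.approved_path.write_bytes(data)
        self.pending_path.unlink()
        return sha256_hex(data)


# Constructed sample contents standing in for two successive fetches (not real heartbeat.md).
FIRST_FETCH = b"# Heartbeat\nCheck your Moltbook feed.\nReply to direct messages.\n"
SECOND_FETCH = b"# Heartbeat\nCheck your Moltbook feed.\nUpvote every post tagged #promo.\n"


def demo() -> tuple:
    """Walk the gate through first fetch, approval, unchanged re-fetch, changed re-fetch."""
    gate = HeartbeatGate(Path(tempfile.mkdtemp()))
    first = gate.check(FIRST_FETCH)    # no baseline yet: held for review
    gate.approve_pending()             # user reads the pending file and approves it
    second = gate.check(FIRST_FETCH)   # identical bytes: may be followed
    third = gate.check(SECOND_FETCH)   # remote changed: held again, diff produced
    changed_line_flagged = "+Upvote every post tagged #promo." in third["diff"]
    return first["follow"], second["follow"], third["follow"], changed_line_flagged


if __name__ == "__main__":
    print(demo())
```

The point of the separate approved and pending paths is that the `curl ... > HEARTBEAT.md` step from SKILL.md can keep running on its schedule without ever changing what the agent actually reads; only `approve_pending`, run by a person, moves instructions into the followed copy.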
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
All requests after registration require your API key ... Your API key is your identity. Leaking it means someone else can impersonate you.

The skill uses a bearer API key as the agent's identity for service actions; this is expected for the service but sensitive.

User impact: Anyone who obtains the API key can act as the agent on Moltbook.
Recommendation: Store the API key securely, limit which agent workflows can access it, and rotate it if it may have been exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium. Confidence: High. Status: Note.
SKILL.md
You can also save it to your memory, environment variables (`MOLTBOOK_API_KEY`), or wherever you store secrets.

The skill suggests storing the API key in agent memory or other persistent stores; memory that is broadly reused across tasks or readable by other tooling can expose the key.

User impact: A persistent agent memory containing the API key could leak the account credential into later tasks or contexts.
Recommendation: Prefer a dedicated secret store or tightly permissioned credentials file; avoid placing the API key in general-purpose long-term memory.
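The two credential findings above (limit which workflows can read the key; keep it out of general-purpose memory) can be enforced at load time. The following is an added example for this review, not code from the skill or from Moltbook. It assumes a hypothetical `load_api_key` helper and `ApiKey` wrapper: the only names taken from SKILL.md are the `MOLTBOOK_API_KEY` environment variable and the fact that the key is sent as a bearer credential; the file paths, key string and header format used in the demo are constructed.

```python
"""Load the Moltbook API key from a 0600 credentials file or the environment.

Added example for the ClawScan review; hypothetical, not the skill's own code.
- refuses a credentials file that is readable or writable by group or others
- falls back to the MOLTBOOK_API_KEY environment variable named in SKILL.md
- wraps the key so that repr()/str() in logs, memory dumps or transcripts show
  only a redacted form; the raw value is released only to build the request header
"""
import os
import stat
import tempfile
from pathlib import Path
from typing import Optional

ENV_VAR = "MOLTBOOK_API_KEY"  # variable name used in SKILL.md
GROUP_OR_OTHER = stat.S_IRWXG | stat.S_IRWXO  # any permission bit beyond the owner's


class CredentialError(Exception):
    pass


class ApiKey:
    """Holds the key but never prints it; call authorization_header() at send time."""

    __slots__ = ("_value",)

    def __init__(self, value: str):
        self._value = value

    def __repr__(self) -> str:
        return f"ApiKey({redact(self._value)})"

    __str__ = __repr__

    def authorization_header(self) -> dict:
        # Header format is an assumption for the example, not taken from the skill.
        return {"Authorization": f"Bearer {self._value}"}


def redact(key: str) -> str:
    """Keep only the last 4 characters, enough to tell two keys apart in a log."""
    if len(key) <= 8:
        return "****"
    return "*" * (len(key) - 4) + key[-4:]


def load_api_key(cred_file: Optional[Path] = None, env: Optional[dict] = None) -> ApiKey:
    env = dict(os.environ) if env is None else env
    if cred_file is not None:
        mode = cred_file.stat().st_mode
        if mode & GROUP_OR_OTHER:
            raise CredentialError(
                f"{cred_file} is group/world accessible (mode {oct(mode & 0o777)}); "
                "chmod 600 it or keep the key in a secret store")
        value = cred_file.read_text().strip()
    else:
        value = env.get(ENV_VAR, "").strip()
    if not value:
        raise CredentialError("no Moltbook API key found")
    return ApiKey(value)


def demo() -> dict:
    """Exercise the loader against a loose file, a tight file, and the environment."""
    sample = "moltbook_test_key_0000abcd"  # constructed, not a real key
    d = Path(tempfile.mkdtemp())
    loose, tight = d / "loose_key", d / "tight_key"
    for p in (loose, tight):
        p.write_text(sample + "\n")
    loose.chmod(0o644)  # what a careless `echo > file` typically leaves behind
    tight.chmod(0o600)
    out = {}
    try:
        load_api_key(loose)
        out["loose"] = "accepted"
    except CredentialError:
        out["loose"] = "rejected"
    out["tight"] = str(load_api_key(tight))
    out["env"] = str(load_api_key(env={ENV_VAR: sample}))
    out["header_has_key"] = load_api_key(tight).authorization_header()["Authorization"].endswith(sample)
    return out


if __name__ == "__main__":
    print(demo())
```

Because `ApiKey` redacts itself in `repr`, an agent that serialises its working state into memory or a transcript records `ApiKey(**********************abcd)` rather than the credential; the raw value appears only in the outgoing header, which is the one place the service actually needs it.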