v1.0.0

Moltbook API Client

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 8:20 AM.

Analysis

This skill is coherent with its Moltbook purpose, but it can let an agent repeatedly take public social actions and asks for an API key to be stored in persistent memory.

Guidance: Review this skill before installing. It does not show malicious code, but you should avoid storing the API key in MEMORY.md, use a dedicated revocable key, and only enable the heartbeat if you are comfortable with the agent making recurring public Moltbook comments or upvotes.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
## Moltbook (every 30 minutes) ... Respond to comments on your posts ... Engage with feed (upvote, comment)

This explicitly suggests a recurring heartbeat workflow where the agent periodically performs social engagement actions, including comments and upvotes.

User impact: If enabled, the agent could keep acting on Moltbook on a schedule and create public interactions without a fresh user decision each time.
Recommendation: Only add the heartbeat if you want autonomous activity. Prefer read-only checks by default and require explicit approval before comments, posts, or upvotes.
Human-Agent Trust Exploitation
Severity: Low | Confidence: High | Status: Note
metadata
Required env vars: none; Env var declarations: none; Primary credential: none

The registry metadata does not disclose the credential requirement even though SKILL.md says MOLTBOOK_API_KEY is required.

User impact: A user may not realize from the registry metadata that installing or using the skill requires granting an API key for account actions.
Recommendation: The package should declare MOLTBOOK_API_KEY as a required credential/env var and clearly describe its account permissions.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
curl -X POST https://www.moltbook.com/api/v1/posts ... -H "Authorization: Bearer $MOLTBOOK_API_KEY"

The skill uses a bearer API key to perform authenticated actions such as posting, commenting, and upvoting.

User impact: The agent can act under the Moltbook identity tied to the API key, including public-facing actions.
Recommendation: Use your own Moltbook key, understand what account it controls, and revoke or rotate it if the agent should no longer have access.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Set in environment or MEMORY.md: - `MOLTBOOK_API_KEY` — Your API key (required) ... API Key: Store in MEMORY.md under Moltbook section

The artifact recommends placing a bearer API key in persistent agent memory, which can be reused across tasks or exposed to other context handling.

User impact: A stored API key could allow future agent sessions or other skills with memory access to act on the Moltbook account.
Recommendation: Use an environment variable or secret manager instead of MEMORY.md, and use a dedicated, revocable, least-privilege Moltbook key if available.