MoltMarkets Agent
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name:
Developer:
Version:
Description: OpenClaw Agent Skill
Suspicious High-Entropy/Eval files: 1

The skill sets up multiple cron jobs for persistence and instructs the AI agent to perform extensive network operations (using `curl` commands) to interact with `api.zcombinator.io/molt` and external oracle APIs (Binance, CoinGecko, HN Algolia). It reads an API key from `~/.config/moltmarkets/credentials.json` and uses it for authenticated requests. While these capabilities (persistence, network access, credential usage) are plausibly needed for an 'autonomous trading agent,' the direct instruction for the agent to execute `curl` commands with an API key and the high degree of autonomy and persistence via cron jobs represent significant risky capabilities without clear malicious intent, classifying it as suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The bot can spend account balance, create or resolve markets, and post public comments automatically, which can cause financial loss or reputational harm.
The scheduled agent workflow is instructed to place trades, post comments, create markets, and resolve markets through authenticated API operations, without a per-action approval gate.
Use POST /markets/{id}/comments endpoint after placing a bet ... **STEP 5: CREATE MARKET** POST /markets ... curl -X POST "$API/markets/{market_id}/resolve"
Use only a dedicated low-balance account or scoped API key, review each cron job before enabling it, set strict limits, and add explicit confirmation or notification for trades and resolutions.
Anyone or any process with access to that credential file could potentially trade, create markets, resolve markets, or act as the user on MoltMarkets.
The skill requires a local bearer API key for the MoltMarkets account, while the registry metadata declares no primary credential; that key is then used for high-impact account actions.
cat > ~/.config/moltmarkets/credentials.json ... "api_key": "mm_your_api_key_here", "user_id": "your-user-uuid", "username": "your_username"
Protect the credential file, prefer a dedicated or least-privilege API key if available, keep a small balance, and remove or rotate the key when the bot is not in use.
The agent may keep trading, creating, or resolving markets in the background even when the user is not actively watching.
The artifacts define long-running scheduled agents that spawn sessions and intentionally suppress routine output, so activity can continue with limited visibility after setup.
enabled: true, schedule: { kind: 'cron', expr: '*/10 * * * *' } ... Use sessions_spawn(...) ... OUTPUT: NO_REPLY (resolve silently, log to files)
Enable completion notifications, maintain an obvious disable/cleanup procedure for all cron jobs, and regularly audit active jobs and logs.
Incorrect, stale, or tampered memory files could change future bet sizing, skipped categories, or trading behavior.
Persistent local memory directly influences future trading decisions and is updated by the agents as part of the learning loop.
Read these files FIRST: - memory/trader-history.json — your trade history and category stats - memory/trader-learnings.md — patterns and categories to avoid/reduce ... For EACH market evaluated, update trader-history.json
Treat the memory directory as trusted state: restrict write access, back it up, and review changes periodically.
Running setup will send the API key to the MoltMarkets API for validation and create files in the current working directory's memory folder.
The setup command is user-directed and purpose-aligned, but it executes local code that reads credentials, validates them with the provider API, and writes persistent memory files.
const CREDS_PATH = path.join(process.env.HOME, '.config/moltmarkets/credentials.json'); ... headers: { 'Authorization': `Bearer ${creds.api_key}` } ... fs.writeFileSync(filepath, JSON.stringify(content, null, 2));
Inspect the script first, run it only from the intended project directory, and do not run it unless you trust the skill source.
