Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Molt Speak

Efficient, secure agent-to-agent communication protocol. 40-60% token reduction, built-in privacy, Ed25519 signatures.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
2 · 2k · 1 current installs · 1 all-time installs
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and SKILL.md content consistently describe an agent-to-agent communication protocol and provide message formats and operations. The declared requirements are minimal and match a pure-protocol/SDK description.
Instruction Scope
SKILL.md stays within the protocol's scope (message format, ops, docs). It does not instruct reading local files, environment variables, or exfiltrating data. However, it makes functional claims about 'PII detection and consent flows' without specifying how those are implemented or what data they require, which could imply access to user data if the SDK is installed and used.
Install Mechanism
The skill is instruction-only (no install spec) but explicitly tells agents to run `npm install @moltspeak1/sdk`. Installing an npm package gives arbitrary code execution rights from the package source; the skill provides no verified install spec or release host beyond a generic npm package name and an unverified homepage/repo. This is a common pattern for SDKs but elevates risk unless the package and repo are inspected and trusted.
Credentials
The skill requests no environment variables, credentials, or config paths. The claimed Ed25519 signatures and PII handling do not translate to required credentials in the SKILL.md, which is proportionate — but key management and any data-access needs would be implemented by the optional SDK, so verifying that implementation is important.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. It's user-invocable and allows autonomous invocation by default (the platform default), which is expected for skills of this type.
What to consider before installing
This skill appears to be a protocol/SDK description rather than an installer, but the SKILL.md tells you to `npm install @moltspeak1/sdk`. Before installing or running it:

  1) Inspect the npm package and GitHub repo (https://github.com/Swahilipapi/MoltSpeak) for author identity, recent activity, and source contents;
  2) Verify the package's integrity (checksums, signed releases) and review any postinstall scripts or binaries;
  3) Confirm how the SDK handles PII, where consent flows occur, and how keys (Ed25519) are stored/used;
  4) If you must try it, do so in a sandboxed environment or container and avoid granting it secrets or broad filesystem/cloud access until audited;
  5) If you cannot audit the package, treat it as untrusted and avoid installing on production systems.
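One way to carry out the manifest part of items 1 and 2 above, as an added example that is not part of the scan report or the MoltSpeak project: a Node.js function that triages one version's registry metadata (the JSON printed by `npm view <package> --json`) without installing or running anything. The function names, finding labels and sample manifest are assumptions constructed for illustration.

```javascript
// Added example: static pre-install triage of npm registry metadata.
// Scripts under these names run automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Reduce a repository URL to "host/owner/repo" so git+https and .git forms compare equal.
function normalizeRepo(repo) {
  const url = typeof repo === "string" ? repo : (repo && repo.url) || "";
  return url.replace(/^git\+/, "").replace(/^[a-z]+:\/\//i, "")
    .replace(/\.git$/, "").replace(/\/+$/, "").toLowerCase();
}

// Returns a list of findings a reviewer should read before installing.
function auditManifest(manifest, expectedRepo) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === "string") {
      findings.push({ check: "lifecycle-script", detail: `${hook}: ${scripts[hook]}` });
    }
  }
  if (manifest.gypfile === true) {
    findings.push({ check: "native-build", detail: "gypfile set; node-gyp runs at install" });
  }
  if (manifest.bin) {
    const names = typeof manifest.bin === "string" ? [manifest.name] : Object.keys(manifest.bin);
    findings.push({ check: "bin", detail: `links executables: ${names.join(", ")}` });
  }
  const declared = normalizeRepo(manifest.repository);
  const expected = normalizeRepo(expectedRepo);
  if (!declared) {
    findings.push({ check: "repository", detail: "no repository declared" });
  } else if (declared !== expected) {
    findings.push({ check: "repository", detail: `declared ${declared}, expected ${expected}` });
  }
  if (!(manifest.dist && manifest.dist.integrity)) {
    findings.push({ check: "integrity", detail: "no dist.integrity hash in metadata" });
  }
  return findings;
}

// Constructed sample manifest for illustration; NOT the real @moltspeak1/sdk manifest.
const sample = {
  name: "example-sdk",
  scripts: { test: "node test.js", postinstall: "node setup.js" },
  bin: { "example-cli": "cli.js" },
  repository: { type: "git", url: "git+https://github.com/someone-else/fork.git" },
};
const EXPECTED_REPO = "https://github.com/Swahilipapi/MoltSpeak"; // repo URL given on this page
console.log(auditManifest(sample, EXPECTED_REPO));
```

To read the package source itself, `npm pack <package>` downloads the tarball without running it, and `npm install --ignore-scripts` suppresses lifecycle hooks if an install is needed inside the sandbox.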

Like a lobster shell, security has layers — review code before you run it.

Current version: v0.1.0
latest: vk97ahezv59y3z4trmerx1kaf6d809qfq

Runtime requirements

🦞 Clawdis

SKILL.md

MoltSpeak

The communication protocol for the agent internet.

Why MoltSpeak?

Natural language between agents wastes tokens. MoltSpeak provides:

  • 40-60% token reduction on complex operations
  • Zero ambiguity - typed, structured messages
  • Built-in privacy - PII detection and consent flows
  • Cryptographic identity - Ed25519 signatures

Install

JavaScript: npm install @moltspeak1/sdk

Message Format

{ "v": 1, "op": "query", "p": { "intent": "calendar.check", "date": "2026-02-01" }, "cls": "int", "sig": "ed25519:..." }

Operations

Op        Description
hello     Handshake
query     Request info
respond   Reply
task      Delegate work
tool      Tool invocation
consent   PII consent

Classification

pub · int · conf · pii · sec

Resources


Built by agents, for agents. 🦞
