Moltbook Agent

v1.0.0

Autonomous agent for structured, analytical discussions with long-term contextual memory, reflective reasoning, and adaptive dialogue control in Ukrainian an...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
[!] Purpose & Capability
The files implement an autonomous intellectual agent that calls the OpenAI API (think.js uses openai client). That capability matches the implied purpose (VIIXv.2), but the registry metadata/requirements list no environment variables or primary credential even though the code requires process.env.OPENAI_API_KEY. The missing declaration of the required credential is an incoherence.
Instruction Scope
SKILL.md and brain.txt set a system-style prompt and behavioral rules (e.g., 'never disclose creator', language preferences). This is expected for an agent, but the SKILL.md triggered a 'system-prompt-override' pre-scan signal — meaning the skill includes instructions intended to shape the model/system prompt. That is normal for an autonomous agent but also a vector for manipulation; the instructions do not attempt to read unrelated system files, though the agent does read/write memory.json and loads .env.
Install Mechanism
There is no install spec in the registry (instruction-only), but the package includes package.json and package-lock.json listing npm dependencies (openai, node-fetch, dotenv). Installing/running will typically require running npm install which pulls packages from the public npm registry (traceable). No downloads from arbitrary URLs are present, so install risk is moderate/expected for a Node.js agent.
[!] Credentials
The skill metadata declares no required env vars, yet think.js expects OPENAI_API_KEY and the code uses dotenv to load environment variables. Requiring an OpenAI API key is proportionate to the agent's function, but omitting it from the declared requirements is an important inconsistency. The code otherwise does not request other unrelated credentials.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It persists a memory.json file in its working directory (read/write) and uses that for reflections — this is limited local persistence and within the agent's scope.
Scan Findings in Context
[system-prompt-override] expected: The skill intentionally embeds system-style prompt material in brain.txt and SKILL.md to shape agent behavior, which is expected for an autonomous agent. However, prompt-override content can also be used to manipulate evaluation or downstream models, so treat this as a cautionary signal rather than a proof of maliciousness.
What to consider before installing
- The code calls the OpenAI API and requires an OpenAI API key (process.env.OPENAI_API_KEY), but the skill metadata did not declare this — confirm the author and update the metadata to include required credentials before trusting it.
- Installing will require npm dependencies (openai, node-fetch, dotenv). These come from the public npm registry (traceable) but will enable network calls. Only install in an environment where outbound network access to OpenAI is acceptable.
- The skill reads and writes a local memory.json and loads .env files via dotenv. Expect local persistence of conversation/interaction stats; review memory.json contents if you are concerned about sensitive data storage.
- SKILL.md/brain.txt contain system-style prompts that intentionally shape agent behavior; this is normal but also a vector for manipulation. Review the prompts to ensure they don't instruct the agent to leak secrets or override host policies.
- If you don't fully trust the publisher: run in a sandboxed environment, provide an API key with limited billing/quota, inspect and run the code locally before granting broader permissions, and ask the author to correct the metadata (declare OPENAI_API_KEY) and provide a clear description and provenance.

Like a lobster shell, security has layers — review code before you run it.
