Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Moltbook Fanboy

v1.0.4

Automatically browse Moltbook to get trending posts, generate comments and likes, and create daily summary reports. Use when user asks about Moltbook trends,...

by Yonghao Zhao (@yonghaozhao722)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious

OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The SKILL.md claims the skill will 'automatically ... generate comments and likes' on Moltbook and 'send directly to Telegram' and sync bidirectionally via GitHub. The code, however, only fetches posts (public API) and locally records simulated like/comment actions in data/actions.json and writes reports to an Obsidian path. There are no POST calls to Moltbook to actually perform likes/comments, and there is no Telegram integration implemented. Also the skill performs a git push to /root/clawd/obsidian-vault without declaring any GitHub credentials — these capabilities/requirements are inconsistent with the stated "no configuration needed" claim.
Instruction Scope
SKILL.md instructs the agent to run scripts that will fetch posts, generate interactions, save reports, push to GitHub, and send reports to Telegram. The actual scripts fetch public data and generate local actions and reports, then unconditionally attempt to git add/commit/push from /root/clawd/obsidian-vault. The SKILL.md also instructs to "send directly to Telegram" but no code or declared env var supports that. The skill also writes outside its own directory (into /root/clawd/obsidian-vault) and will attempt network pushes — instructions therefore reference external endpoints and filesystem locations that are not declared or authorized in metadata.
Install Mechanism
There is no install spec (low install risk). However the Python scripts use third-party modules (requests) and rely on system git being configured; these dependencies are not declared in the registry metadata. No remote download URLs or extract steps are used, which is good, but missing dependency declarations mean the runtime environment assumptions are not explicit.
Credentials
The registry declares no required environment variables or credentials, yet the scripts attempt to push to GitHub (via git) and write into /root/clawd/obsidian-vault. A successful push depends on git credentials already present on the host (an SSH key or stored credentials), which the skill therefore uses implicitly despite never declaring them. The skill also assumes access to a specific Obsidian vault path which could contain private files. This is disproportionate to a 'read public Moltbook and summarize' description and risks exposing local/remote content via git pushes.
Persistence & Privilege
The skill does not set always:true, but it writes files outside its own directory (obsidian-vault reports) and attempts to commit and push changes to a remote repository. That means it will alter user data and attempt remote writes without explicit configuration fields or prompts. While not requesting elevated platform privileges, this behavior is significant because it may cause automatic commits/pushes of generated content or unintentionally included files (potential secrets) to a remote GitHub repo.
What to consider before installing
This skill is partially coherent but contains several mismatches you should understand before installing:

1) It claims to post likes/comments on Moltbook and send reports to Telegram, but the code only simulates interactions locally and does not implement Telegram posting. If you expect real posting, the skill is incomplete and could mislead you.
2) The generator script will write to /root/clawd/obsidian-vault and attempt git add/commit/push. That will use whatever git credentials are configured on the host (SSH keys or stored credentials) even though no credentials are declared. If your Obsidian vault or git repo contains private data, running this skill could push it to the remote.
3) There are undeclared runtime assumptions (Python 'requests' package, git installed and configured).

Consider the following before using:
- run the scripts in a sandboxed environment;
- inspect and/or remove the git push block (in generate_daily_report.py) or require an explicit GITHUB credential/config;
- add explicit TELEGRAM_TOKEN/TELEGRAM_CHAT env vars if you want Telegram posting and implement secure handling;
- change the output path to a skill-local directory if you don't want it modifying your Obsidian vault.

If you are unsure, do not enable autonomous/cron execution or grant the skill write access to your real vault/repo until you harden these behaviors.


latest: vk979yn1j5v84wzpnwqqat3mttx81e4gn
