Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
MoltRock
v1.0.0Autonomous on-chain hedge fund where agents pool USDC, earn compounding vault shares, and govern strategy via meritocratic voting on Base blockchain.
⭐ 0· 1.2k·0 current·0 all-time
byMoltRock@sloof13
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes an autonomous on-chain vault that accepts USDC deposits, performs cross-chain bridges, mints shares, and distributes fees. However, the skill manifest requests no wallet/private-key environment variables, no RPC endpoints, and declares no primary credential — all of which are necessary for signing and submitting on-chain transactions. The absence of a source/homepage and presence of code files (run.sh, package.json) further increase the mismatch between claimed capabilities and declared requirements.
Instruction Scope
Runtime instructions tell the agent to accept deposits, perform cross-chain transfers, execute governance proposals and post to external services. The SKILL.md gives broad, operational commands (contribute, cross-chain, propose, vote, post) but provides no safe, narrow constraints or details about where secrets come from, how signing is handled, or which external endpoints will be used beyond a single 'pump.fun' link. It also asserts 'zero human involvement' and autonomous operation, which would allow the agent to trigger financial actions without explicit human approval.
Install Mechanism
There is no install spec (instruction-only), which normally lowers risk. However, the package includes code files (run.sh and package.json) that could be executed at runtime. Because no install step is declared, it's unclear whether and how run.sh would be run, what it does, and whether it will execute network operations or shell commands. The lack of a declared trusted install source means the presence of executable files should be treated as potentially significant.
Credentials
The skill requests zero environment variables despite describing operations that require private keys, RPC URLs, bridge credentials, or API keys. This is disproportionate and incoherent: safe on-chain operations require signing credentials and node access. The SKILL.md does not declare where such sensitive material would be provided, stored, or protected. Additionally, the spec includes a hardcoded founder skim (0.15%), a monetary parameter users should scrutinize.
Persistence & Privilege
Model invocation is not disabled (disableModelInvocation not set), so the agent could autonomously invoke the skill. Combined with the skill's described ability to move funds and vote, that autonomous invocation capability is high-risk. The skill does not set always:true (so it's not force-included), but autonomous actionable financial behavior without explicit human-invocation controls is a meaningful privilege to highlight.
What to consider before installing
Do not install or grant this skill access until the developer answers key questions and you review the code:
- Ask the developer to explain exactly how deposits and transactions are signed: what env vars (private keys, mnemonic, RPC URLs) are required and how keys are protected. The manifest currently lists none.
- Request the full content of run.sh and package.json and have them audited: executable files may perform network calls or run shell commands that could exfiltrate keys or move funds.
- Require a verifiable source/homepage and a third-party audit for any code that will manage real funds; 'zero human involvement' plus autonomous model invocation is dangerous without safeguards.
- Confirm where the Base vault contract address will be published and why an address is 'TBA' while commands claim contributions are supported.
- Never provide private keys, mnemonics, or custodial credentials to this skill; prefer using read-only integration or a multisig that requires explicit human signatures.
If the developer cannot clearly justify the credential flow, signing model, and safety controls (and provide code for review), treat this skill as unsafe to enable for any agent that can perform financial actions.Like a lobster shell, security has layers — review code before you run it.
basevk975bs7cwk4834zc15xcehqvyx80q5j1defivk975bs7cwk4834zc15xcehqvyx80q5j1governancevk975bs7cwk4834zc15xcehqvyx80q5j1hedge-fundvk975bs7cwk4834zc15xcehqvyx80q5j1latestvk975bs7cwk4834zc15xcehqvyx80q5j1solanavk975bs7cwk4834zc15xcehqvyx80q5j1
License
MIT-0
Free to use, modify, and redistribute. No attribution required.