Moltbook Ops Manager

The skill appears to implement the advertised MoltBook ops features, but the code and docs are inconsistent (an undocumented GitHub token is required, fixed user paths are accessed, and there are coding errors); review and limit credentials before installing or running.

This skill implements the advertised ops functionality but has a few red flags you should address before installing or running it: 1) The code expects a GH_PUSH_TOKEN (GH_TOKEN) env variable to call the GitHub API, but that credential is not documented in the registry metadata or SKILL.md — do not run it with a full-scope personal token; prefer a token limited to the specific repo and push permissions. 2) The agent accesses a hard-coded path (/home/admin/.openclaw/workspace-trading/moltbook-collection-agent) and defines ~/.config/moltbook/credentials.json — review those paths and the files they contain to ensure no sensitive data will be read or leaked. 3) The SKILL.md declares 'gh' CLI but the code uses requests + a bearer token and also attempts to call a 'clawhub' CLI (via shutil.which) — ensure required CLIs and Python dependencies (requests) are installed in a safe environment. 4) There are coding issues (e.g., shutil is used but not imported) that may cause runtime errors — run the script in a sandbox or inspect and fix the code before scheduling cron jobs. Recommended actions: inspect the full agent.py for any additional reads/writes or network endpoints, run it in an isolated test user without production credentials, provide a least-privilege GitHub token if you must enable publishing, and consider forking/fixing the code to document and constrain its environment needs before trusting it in production.