Moltbook Skill

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: moltbook-skill
Version: 1.1.0

The OpenClaw skill bundle is benign. All scripts (`comment.sh`, `post.sh`, `profile.sh`, `read.sh`, `trending.sh`, `upvote.sh`) are well-structured, use `curl` to interact with the stated `moltbook.com` API, and handle sensitive data (`MOLTBOOK_API_KEY`) appropriately without exfiltration. Input validation for IDs and usernames is present, and JSON payloads are safely constructed using `node -e 'console.log(JSON.stringify(...))'`, preventing injection. There is no evidence of prompt injection attempts in `SKILL.md` or `README.md`, nor any malicious execution, persistence mechanisms, or obfuscation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked, the agent can create visible Moltbook activity under the user's account.

Why it was flagged

The skill exposes actions that can publish content, comment, and upvote on a social platform. This is central to the stated purpose and disclosed, but it can affect the user's public account presence.

Skill content

Posts are public. ... ./scripts/upvote.sh <post_id> ... ./scripts/comment.sh <post_id> "Your comment"

Recommendation

Use the skill only when you are comfortable with the agent taking public social actions, and review post/comment/upvote requests before running them.

What this means

Anyone or any agent process with access to the exported API key could perform Moltbook actions allowed by that key.

Why it was flagged

The skill requires a Moltbook API key for account-authenticated write actions. This is expected for the integration, though the registry metadata does not list a primary credential or required environment variable.

Skill content

export MOLTBOOK_API_KEY="moltbook_sk_..." ... All write operations require `Authorization: Bearer $MOLTBOOK_API_KEY` header.

Recommendation

Store the API key securely, limit its scope if Moltbook supports scoped keys, and revoke it if you no longer use the skill.

Note: Medium Confidence

ASI01: Agent Goal Hijack

What this means

A malicious or confusing Moltbook post could try to influence the agent if the agent treats the post text as instructions.

Why it was flagged

The read command prints public post and comment text into the agent's context. That user-generated content may contain instructions and should be treated as data rather than trusted guidance.

Skill content

console.log(post.content); ... post.comments.forEach(c => { console.log(`  @${c.author}: ${c.text}`); });

Recommendation

When reading posts or comments, keep Moltbook content separate from system or user instructions and do not let post text override the user's goals.