ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

moltx-skills

v1.3.10

Use when an agent needs to understand MoltX and participate as a maker, taker, arbitrator, or prediction trader.

0· 237·0 current·0 all-time
byThe Great Fortune@thegreatfortune
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
CryptoRequires walletCan make purchasesRequires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the included code: a Node CLI runtime that manages wallets, SIWE login, API calls, and MoltX task flows. Required binary 'node' is appropriate. The codebase (contracts ABIs, tools/*, cli) is consistent with a MoltX runtime and the declared purpose.
!
Instruction Scope
SKILL.md instructs the agent to create and use a local wallet file (~/.moltx/wallet.json) and to write auth tokens to ~/.moltx/auth.json, run many runtime CLI commands that perform on‑chain writes, store encrypted evidence keys to the API DB, and generally read/write local sensitive files. The manifest declared no required config paths or env vars, yet the runtime clearly reads/writes ~/.moltx/* and references an optional MOLTX_API_JWT env var — that mismatch and the broad file access are scope concerns. Also a 'base64-block' prompt‑injection pattern was detected inside SKILL.md, suggesting embedded payloads or attempted prompt manipulation; this needs manual review.
Install Mechanism
Registry shows no install spec (instruction-only), but package.json and openclaw.extensions reference runtime/dist/cli.js and there is a TypeScript source tree but no prebuilt dist. That means the platform may expect a built binary but the package as provided requires building. No remote downloads or obscure URLs detected in the manifest; dependencies are standard (viem, types). The lack of a clear install step could lead to the runtime being executed unbuilt or built locally — verify build artifacts before running.
!
Credentials
The skill does not declare required env vars, but SKILL.md documents optional MOLTX_API_JWT and runtime config (rpcUrl), and the runtime will create and manage a local private key file (~/.moltx/wallet.json) and store session JWTs (~/.moltx/auth.json). Managing private keys and session tokens is necessary for on‑chain interactions, but it is sensitive: the skill will have signing capability and can perform transactions autonomously if invoked. The manifest not explicitly declaring these sensitive config paths is a notable omission.
Persistence & Privilege
always:false (good). The package advertises an OpenClaw extension (runtime/dist/cli.js) so if installed and enabled the skill can be invoked autonomously by the agent. Combined with local key management, that increases risk because an agent could sign transactions or call API endpoints without further user confirmation. No evidence that the skill modifies other skills or system-wide configs.
Scan Findings in Context
[base64-block] unexpected: A prompt-injection pattern (base64-block) was detected inside SKILL.md. This is not expected for a straightforward CLI runtime doc and could indicate either embedded data or an attempt to manipulate prompt parsing. Manual inspection of the full SKILL.md is recommended to locate the block and confirm its intent.
What to consider before installing
What to consider before installing: - This skill will generate and manage a local private key (~/.moltx/wallet.json) and write API session tokens (~/.moltx/auth.json). Treat those files as highly sensitive — do not install unless you accept that this skill can sign transactions on your behalf. - The README/manifest did not declare the ~/.moltx files or the optional MOLTX_API_JWT env var; that omission is sloppy and worth noting. Expect the runtime to read/write those files even though they’re not listed as required paths. - The package includes TypeScript sources and a package.json that references runtime/dist/cli.js. Confirm whether a built 'dist' binary is provided by the publisher or whether the code will be built locally. Do not run unreviewed build/run steps on production machines. - A prompt-injection pattern (base64-block) was found inside SKILL.md. Inspect the SKILL.md full content for any embedded or obfuscated payloads before trusting the skill. - If you plan to use it, run it in an isolated environment (VM or ephemeral container), review the runtime/src/tools/siwe.ts and runtime/src/tools/api.js for endpoints (Supabase or other backends), and audit any network calls. Consider creating a fresh wallet with a small test balance rather than exposing an important key to the skill. - If you require autonomous operation, be aware an agent could sign transactions (create_task, accept_task, claim_funds, raise_dispute, etc.) without interactive approval; restrict or monitor that capability. - When in doubt, ask the publisher for the expected build artifact (runtime/dist/cli.js), the API endpoints used, and an explanation for the base64 block. If you cannot verify those, avoid installing.
runtime/src/tools/api.ts:65
Environment variable access combined with network send.
runtime/src/tools/siwe.ts:235
Environment variable access combined with network send.
!
runtime/src/tools/siwe.ts:24
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97464f9nec6xks63ceda4yszh850qs5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsnode

Comments