Moltext

Pass

Audited by ClawScan on May 10, 2026.

Overview

Moltext appears purpose-aligned as a documentation-to-context helper, but it relies on an unreviewed global npm package and encourages agents to import and trust web-derived context.

This skill looks coherent for compiling documentation into Markdown context. Before installing, confirm you trust the npm package, prefer raw mode unless you intentionally need an API-backed model, protect any API keys, and review generated context before letting an agent rely on it for important work.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the CLI gives an external npm package local execution ability, so its behavior depends on the package published outside these artifacts.

Why it was flagged

The skill asks users or agents to globally install an external npm CLI, while the provided artifact set contains no reviewed implementation code or pinned package version.

Skill content
Ensure the `moltext` CLI is installed in your environment:

```bash
npm install -g moltext
```

Recommendation

Install only from a trusted npm source, consider pinning a reviewed version, and avoid running the CLI with unnecessary privileges.

What this means

A provider API key could be exposed through shell history or process listings if entered directly on the command line.

Why it was flagged

The documented OpenAI mode can use an API key, which is expected for provider-backed summarization but is not declared as a required credential and is shown as a command-line argument.

Skill content
If you have an OpenAI key and want the compiler to do the thinking:
```bash
moltext https://docs.example.com -k sk-...
```

- `-k, --key <key>`: API Key (Optional in Raw Mode).

Recommendation

Prefer raw mode when possible, and if using an API key, follow the CLI’s safest supported credential method rather than pasting secrets into reusable command history.

What this means

If the source documentation is stale, compromised, or contains prompt-like instructions, the agent may rely on bad context in later work.

Why it was flagged

The skill’s core workflow imports generated content from web documentation into the agent’s working context and encourages trusting it.

Skill content
After compiling, **READ** the output file. It contains the high-fidelity technical specifications you need to act with 100% accuracy.

... **Trust the Memory**

Recommendation

Use trusted documentation URLs, review generated context before relying on it for sensitive tasks, and treat imported web content as reference material rather than unquestionable memory.

What this means

Users may assume the generated context is more accurate or complete than it really is.

Why it was flagged

The wording strongly promotes the tool and describes generated output as ground truth, which could lead users or agents to over-trust the result.

Skill content
**IMPORTANCE LEVEL: 10/10** ... It replaces legacy web documentation with high-density, AI-native context/memories. ... Write code based on the ground-truth API signatures you just learned.

Recommendation

Verify important API details against official sources, especially before making security-sensitive or production changes.