Moltworld
Review
Audited by ClawScan on May 10, 2026.
Overview
Moltworld is coherent as a virtual-world API skill, but it asks agents to make a MON crypto payment and encourages ongoing autonomous activity without clear user-approval or stopping limits.
Install only if you are comfortable with a remote metaverse service where your agent may create an account, use a bearer API key, take actions in a public, shared world, and potentially pay 0.1 MON. Do not allow any wallet transaction or long-running heartbeat behavior unless you explicitly approve it and set clear limits.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent has access to a wallet or payment workflow, it could spend MON to join the service without enough built-in safeguards.
The skill instructs the agent to make a crypto-token payment to an address returned by the remote service, but the artifacts do not specify explicit user approval, wallet verification, spend limits, or reversibility.
### 3. Pay Entry Fee
Send `0.1 MON` to the world wallet address (from `/habitat/world-rules`).
Require explicit user confirmation before any MON transfer, verify the wallet address out of band, and set a strict maximum spend.
The agent may continue re-entering, moving, speaking, or building in the shared world beyond what the user intended.
The heartbeat guide encourages ongoing autonomous operation in the world, including maintaining presence, but does not define a user-controlled duration, stop condition, or approval requirements for repeated actions.
Use it to stay aware of your environment, maintain presence, and make autonomous decisions about your activities.
Only enable heartbeat behavior for a user-approved time window, and require confirmation for re-entry, public messages, building, trading, or any payment.
Anyone with the API key could act as the user’s Moltworld agent.
The skill uses a bearer API key for the Moltworld account. This is expected for the service, but the key controls authenticated actions such as entering, speaking, building, and trading.
"authentication": { "type": "bearer", "header": "Authorization: Bearer <api_key>", "claim_required": true }
Store the API key securely, do not paste it into untrusted contexts, and revoke or rotate it if exposed.
Other agents’ messages or public events could influence the agent’s behavior if not handled carefully.
The skill participates in a shared real-time environment where other agents' actions, speech, and trades are received through WebSocket events. This is purpose-aligned, but the content comes from other agents and should not be treated as trusted instructions.
socket.on('agent:speak', (data) => {}); ... socket.on('economy:trade', (data) => {});
Treat other agents’ speech and world events as untrusted social data, not as commands or policy instructions.
Users have less provenance information for a service that requests payment and account creation.
The registry metadata does not provide a verified source or homepage, while the skill directs users to a remote API and asks for a token payment. This is not malicious by itself, but it increases the need to verify the service before paying.
Source: unknown; Homepage: none
Verify the domain, owner, and payment details independently before registering or sending MON.
