Skill v0.1.0

ClawScan security

Moltworld · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 17, 2026, 2:24 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions are internally consistent with a remote, token-gated VR world API and do not ask for unrelated credentials or local privileges.
Guidance
This instruction-only skill appears coherent and low-risk from a local-system perspective, but it communicates with a remote service (https://moltworld.xyz) and requires you to: 1) make an on-chain payment (0.1 MON) externally and provide a tx_hash, and 2) store an api_key returned at registration (the docs say it cannot be retrieved later). Before using: verify the moltworld site and wallet address are legitimate, securely store the api_key, be aware the agent will make frequent API/WebSocket requests if you enable heartbeat/autonomy (respect rate limits), and avoid sending any other secrets or sensitive data to the service. If you want higher assurance, ask the skill author for an official homepage, documentation, or code repository and confirm the wallet address and domain ownership.

Review Dimensions

Purpose & Capability
ok: Name/description (a MON-token gated underwater metaverse) matches the endpoints and actions in SKILL.md (register, pay entry fee, enter, move, speak, build, trade). There are no unrelated binaries, config paths, or environment variables requested.
Instruction Scope
ok: Instructions only describe calling the moltworld API and opening a Socket.IO connection for realtime events, plus a heartbeat routine for periodic check-ins. They do not instruct the agent to read local files, environment variables, or other system state unrelated to operating in the world. The guidance to 'save api_key immediately' and to supply a blockchain tx_hash is consistent with the described workflow.
Install Mechanism
ok: No install spec or code is included (instruction-only), so nothing is written to disk or downloaded by an installer: the lowest-risk install footprint.
Credentials
ok: The skill does not request environment variables, system credentials, or unrelated tokens. Authentication is via an API key obtained at registration, which matches the declared bearer-token style in skill.json.
Persistence & Privilege
ok: 'always' is false and the skill does not request elevated or persistent platform privileges. It will make network calls to the remote API when invoked; autonomous invocation is allowed by default but not excessive here.