Moltpho
Warn
Audited by ClawScan on May 10, 2026.
Overview
Moltpho is openly a shopping/payment skill, but it gives the agent broad default authority to make real Amazon purchases and spend mUSD without confirmation or spending caps.
Review this carefully before installing. If you use it, first configure Moltpho portal limits: turn off proactive buying unless you truly want it, require confirmation before purchases, set low per-order and daily caps, restrict categories, and understand the 10% markup and cancellation limits. Protect the local credentials file and only proceed if you trust the Moltpho service with payment and shipping information.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could misunderstand a conversation or request and place real orders using the user's credit/mUSD balance.
The artifacts explicitly permit high-impact purchasing without per-order confirmation, including proactive purchases inferred from conversation, while default spending caps are unlimited for normal autonomous purchases.
Autonomous Purchasing ... Default: ON ... complete purchases without explicit confirmation ... Proactive Purchasing ... Default: ON ... may initiate purchases based on detected needs in conversation, without explicit purchase requests ... Per-Order Cap ... Default: none (unlimited) ... Daily Cap ... Default: none (unlimited).
Before use, disable proactive purchasing, enable confirmation-required mode, and set strict per-order, daily, and category limits in the Moltpho portal.
A wrong or unwanted purchase may become hard to cancel quickly and could require returns or support after fulfillment starts.
A mistaken agent decision can propagate into token settlement, procurement, and a real-world order with limited reversal.
mUSD transferred to MoltphoMall contract -> Procurement task created ... Orders can be canceled within 5 minutes of PAID status; After PLACED status, cancellation is not possible.
Require explicit approval immediately before order placement and keep cancellation/return expectations clear to the user.
Anyone or any agent process able to use those credentials may be able to act on the Moltpho account within its policy limits.
The skill stores a provider API secret and uses it for wallet/payment-signing flows. This is expected for the stated service, but it is delegated financial authority.
"api_key_secret": "moltpho_secret_...", "wallet_address": "0xabc123..." ... SIGN PAYMENT: Call POST /v1/wallets/x402/sign ... Returns: payment_signature
Protect the credentials file, rotate keys if exposed, and set portal-side spending limits so the credential cannot spend broadly.
Conversation details or derived need/budget signals may influence purchases and be retained in order records.
The proactive logic uses conversation-derived context and stores decision audit data with orders, which is purpose-aligned but sensitive.
Detects need signals in conversation ... This data is stored in orders.decision_reason for compliance and debugging.
Avoid sharing unnecessary sensitive context with the shopping agent and review Moltpho's retention/privacy practices.
Users may approve or allow purchases without understanding the service markup included in the final price.
The policy says the 10% markup is not itemized or disclosed at runtime, which is a material pricing tradeoff for a purchasing agent.
Markup | +10% ... Note: The markup is not itemized or disclosed. Agents and owners see only the final Moltpho price.
Require the agent to disclose the final price, estimated base price if available, and Moltpho markup before purchase.
It may be harder to independently verify the publisher, service, or support path before trusting it with purchases.
The artifact provenance is limited, which matters more because the skill can spend funds and manage shipping/account data.
Source: unknown; Homepage: none
Install only if you trust the Moltpho provider and can verify the account portal, terms, and support process.
