Moltbook Publisher

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill matches its Moltbook publishing purpose, but it can use your Moltbook API key to publish public posts, so review content and credentials carefully.

Install this only if you want an agent or script to help publish to Moltbook. Treat the Moltbook API key as a secret, review the exact post content before publishing, and use trusted dependency installation practices.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked with the wrong content or target community, it could publish an unintended public post under the user's Moltbook account.

Why it was flagged

This creates a Moltbook post through the API using supplied title, content, and submolt; it is purpose-aligned but has a public side effect.

Skill content

response = requests.post(f"{BASE_URL}/posts", headers=self.headers, json=payload, timeout=10)

Recommendation

Approve the final post text, title, and destination before running the publisher; consider adding a dry-run or confirmation step for agent-driven use.

What this means

The API key can authorize posting to the user's account; passing it on the command line may expose it in shell history, logs, or process listings.

Why it was flagged

The skill requires a Moltbook API key for expected account access, and the documentation shows passing it as a command-line argument.

Skill content

python publish_post.py \
  --api-key YOUR_API_KEY \
  --title "Your Post Title"

Recommendation

Use a secret manager or environment variable when possible, avoid sharing command logs, and rotate the Moltbook API key if it may have been exposed.

What this means

Users may install or rely on an environment-provided dependency outside the reviewed artifacts.

Why it was flagged

The publisher depends on the Python requests package, while the supplied install information does not define a package installation or lockfile.

Skill content

import requests

Recommendation

Install dependencies from trusted package sources and prefer a pinned requirements file or lockfile for repeatable setup.