Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Scout
v1.0.2
Agent trust intelligence for Moltbook and x402 Bazaar. Use when you need to check if an agent or service is trustworthy before paying, compare agents side-by-side, scan feeds for quality agents, or make trust-gated USDC payments. Answers the question "should I pay this agent?" with research-backed scoring across 6 dimensions.
⭐ 0 · 1.3k · 8 current · 8 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (high confidence)
Purpose & Capability
The skill claims to be an 'agent trust intelligence' tool, and the code implements Moltbook scoring, graph/on‑chain analysis, DM replying, and trust‑gated USDC payments; these capabilities are consistent with the description. However, the registry metadata lists no required environment variables or binaries, while SKILL.md and the code require MOLTBOOK_API_KEY (and optionally SCOUT_PRIVATE_KEY for payments) and need Node/npm to run the scripts. That mismatch between the declared metadata and the actual runtime requirements could mislead users about which secrets and which runtime are needed.
Instruction Scope
SKILL.md shows two usage modes: (1) calling the public API at scoutscore.ai (no secrets) and (2) running local Node scripts that call Moltbook endpoints, read/write temporary files (/tmp/*.json), scan feeds, reply to DMs, and perform deep analysis including optional on‑chain wallet analysis. The instructions direct the agent/operator to provide MOLTBOOK_API_KEY and, for payments, a private key. The local scripts will post to Moltbook API endpoints and (if provided) use a wallet key to sign/send USDC. There is no instruction to exfiltrate data to unknown/personal endpoints, but the DM bot will read and send messages using the provided API key — a sensitive action that should be explicitly consented to.
Install Mechanism
There is no formal install spec in the registry (the skill is labelled instruction-only), but the repository contains package.json and package-lock.json with dependencies (ethers, @neondatabase/serverless, etc.). Running the local scripts will require Node and installing npm packages; the metadata did not declare Node or an install step. The npm packages are from the public registry (no suspicious direct downloads), but the absence of an install instruction and missing declared binaries is an inconsistency users should be aware of.
Credentials
The code and SKILL.md require MOLTBOOK_API_KEY for Moltbook access and optionally a SCOUT_PRIVATE_KEY (wallet private key) for making USDC payments. Those credentials are proportionate to the advertised features (scoring, DM replies, and trust‑gated payments). However the registry metadata advertised 'Required env vars: none', which is incorrect. Requesting a raw private key (SCOUT_PRIVATE_KEY) is particularly sensitive — acceptable if the user intends to let the skill sign/send funds, but risky if users provide their primary wallet key without isolating it or using a dedicated payment key.
Persistence & Privilege
The skill is not always-included and doesn't request unusual platform privileges. But several included components (api-server, dm-bot, safe-pay) are capable of autonomous actions when run: the DM bot reads unread messages and posts replies via the Moltbook API; the API server exposes endpoints and would require the API key to operate; safe-pay can sign/send payments if given a private key. Those runtime capabilities increase impact if secrets are provided or the scripts are run in an environment with network access — this is expected functionality but users should be explicit about where and when they run those components.
What to consider before installing
Before installing or running Scout:
- Metadata mismatch: The registry metadata claims no required env vars/binaries, but SKILL.md and the code require Node/npm and a MOLTBOOK_API_KEY (and optionally a SCOUT_PRIVATE_KEY for payments). Treat the SKILL.md/code as authoritative and do NOT assume no secrets are needed.
- Sensitive credentials: MOLTBOOK_API_KEY is required for almost every script and grants read/write access to Moltbook endpoints (the DM bot posts replies). Only provide this key if you trust the code and run it in a controlled environment. SCOUT_PRIVATE_KEY is a private wallet key — only supply a throwaway/dedicated payment key with limited funds and permissions, never your primary wallet key.
- Prefer the hosted API when possible: Using the public API at https://scoutscore.ai avoids giving this environment your Moltbook API key or private key. If you only need a quick score, call the remote API rather than running local scripts.
- Inspect and sandbox: If you plan to run local scripts, review the scripts that will run (dm-bot, api-server, safe-pay). Run them in a sandboxed environment or container, with network access restricted if you don't want outgoing requests. Be aware that the dm-bot will read and send DMs using the provided API key.
- Use dry-run and limited keys: For payment testing, use the --dry-run option and a testnet wallet with only small amounts. Consider creating a Moltbook API key with minimal permissions if the platform supports it.
- Verify provenance: The SKILL.md links to scoutscore.ai and a GitHub repo, but the package/demo pages include an oddly truncated GitHub CTA (possible mismatch). Try to find the canonical project repo and confirm the publisher before trusting secrets to this code.
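The metadata check and the sandboxing advice above can be scripted. The following is an added example, not code from Scout, ClawHub, or the scan itself: a shell audit that lists the environment variables a Node skill bundle actually reads (process.env.NAME), reports which of them the registry metadata did not declare, lists the hostnames in URL literals so the endpoints a supplied key could reach are visible, and prints a docker command that runs one script with no network, a read-only bundle, a scratch /tmp (the scripts write /tmp/*.json), the --dry-run flag, and only the named secrets forwarded. The sample bundle it builds, its file contents, and the host moltbook.example are constructed for the demonstration; Scout's real scripts and the real Moltbook endpoints are not reproduced.

```shell
#!/usr/bin/env bash
# Added example: pre-install audit for an instruction-only skill bundle.
# Not Scout's or ClawHub's code. The sample files below are constructed;
# "moltbook.example" is a placeholder host, not a real Moltbook endpoint.
set -eu

# Build a small bundle shaped like the scan describes (dm-bot, safe-pay).
make_sample_skill() {
  local dir="$1"
  mkdir -p "$dir/scripts"
  cat > "$dir/scripts/dm-bot.js" <<'EOF'
// constructed sample: reads the API key and talks to a placeholder host
const key = process.env.MOLTBOOK_API_KEY;
fetch("https://moltbook.example/api/dm/unread", { headers: { Authorization: `Bearer ${key}` } });
EOF
  cat > "$dir/scripts/safe-pay.js" <<'EOF'
// constructed sample: signs with a raw private key unless --dry-run is passed
const { Wallet } = require("ethers");
const wallet = new Wallet(process.env.SCOUT_PRIVATE_KEY);
const dryRun = process.argv.includes("--dry-run");
EOF
}

# Environment variables the code reads via process.env.NAME, sorted and unique.
env_vars_read() {
  grep -rhoE 'process\.env\.[A-Z_][A-Z0-9_]*' "$1" | sed 's/^process\.env\.//' | sort -u
}

# Env vars the code reads that the registry metadata did not declare.
# Usage: undeclared_env_vars <dir> [DECLARED_VAR ...]
undeclared_env_vars() {
  local dir="$1"; shift
  local declared=" $* "
  env_vars_read "$dir" | while read -r v; do
    case "$declared" in *" $v "*) ;; *) echo "$v" ;; esac
  done
}

# Hostnames appearing in http(s) URL literals: the endpoints a supplied key could reach.
outbound_hosts() {
  grep -rhoE 'https?://[A-Za-z0-9._-]+' "$1" | sed -E 's#^https?://##' | sort -u
}

# Command to run one script isolated: no network, read-only bundle, scratch /tmp
# for the /tmp/*.json files the scripts write, --dry-run, and only the named
# secrets forwarded from the caller's environment (docker's "-e NAME" form).
# Usage: sandbox_cmd <dir> <script> [SECRET_VAR ...]
sandbox_cmd() {
  local dir="$1" script="$2"; shift 2
  local cmd="docker run --rm --network none --read-only --tmpfs /tmp -v \"$dir\":/skill:ro -w /skill"
  for v in "$@"; do cmd="$cmd -e $v"; done
  echo "$cmd node:20-alpine node $script --dry-run"
}

# Usage: audit_skill <dir> [DECLARED_VAR ...]
audit_skill() {
  local dir="$1"; shift
  echo "env vars read by code:";             env_vars_read "$dir" | sed 's/^/  /'
  echo "not declared in registry metadata:"; undeclared_env_vars "$dir" "$@" | sed 's/^/  /'
  echo "outbound hosts in code:";            outbound_hosts "$dir" | sed 's/^/  /'
}

# With no arguments, demonstrate on the constructed bundle, declaring nothing
# (as the registry metadata did), so both keys are reported as undeclared.
if [ "$#" -eq 0 ]; then
  demo=$(mktemp -d)
  make_sample_skill "$demo"
  audit_skill "$demo"
  sandbox_cmd "$demo" scripts/safe-pay.js SCOUT_PRIVATE_KEY
  rm -rf "$demo"
else
  audit_skill "$@"
fi
```

Run it against a real checkout as `audit_skill <dir> <vars the registry declares>`; any name in the "not declared" list is a secret the metadata hid from you. The docker line forwards a variable by name only, so the value never lands on a command line or in shell history, and `--network none` means the dm-bot and api-server cannot reach Moltbook at all until you deliberately relax it.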
Like a lobster shell, security has layers — review code before you run it.
latest: vk970c7w8q6jpwr8765wnpqe39580q4q3
