Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
MoltsPay Skill
v1.0.0
Pay for and use AI services via MoltsPay protocol. Trigger: User asks to generate video, use a paid service, etc. Auto-discovers services from /.well-known/a...
⭐ 0 · 312 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The claimed purpose (paying for AI services via the MoltsPay CLI) matches the included code: the scripts call a 'moltspay' CLI, discover services, and perform payments. However, the skill metadata declares no required binaries or environment variables even though the runtime scripts expect node and npm, the shell helper expects jq, and setup attempts to install the 'moltspay' npm package globally. The undeclared runtime requirements are an inconsistency between the metadata and the code.
Instruction Scope
SKILL.md and the scripts instruct the agent to run commands that install software (npm install -g moltspay), initialize a wallet, check its balance, and pay provider URLs. These instructions create and store wallet data in ${HOME}/.moltspay/wallet.json (which likely holds a private key or seed) and cause network calls to moltspay.com and to providers' .well-known endpoints. The runtime instructions do not touch unrelated system files, but they do direct the agent to perform a global install and automatic wallet initialization, which users may not expect and which has secret-management implications.
Install Mechanism
There is no formal install spec, but package.json contains setup/postinstall hooks and scripts (scripts/setup.js, setup.sh) that run 'npm install -g moltspay'. That triggers a global npm install from the public registry at install time, a moderate-to-high-risk action because it fetches and runs third-party code without the user explicitly accepting it. The install is traceable (it goes through npm) but is still heavier than the metadata suggests.
Credentials
The skill declares no required environment variables or credentials, which is coherent at a surface level. However, it will create and store wallet state (likely private keys) under ~/.moltspay. A payments skill legitimately needs to manage keys, but this one does not document wallet generation or request explicit user consent before it happens. The shell helper also uses 'jq' for JSON parsing, but jq is not listed as a required binary.
Persistence & Privilege
The skill persists wallet data in the user's home directory (~/.moltspay) and triggers a global installation of the 'moltspay' CLI; both are persistent effects. The skill's 'always' flag is false (good), but the postinstall/setup hooks run automatically on install, which leaves persistent files and potentially generated secrets behind. This persistent presence, combined with automatic wallet creation, increases the impact if the upstream CLI or package is malicious or compromised.
What to consider before installing
This skill is plausible as a way to pay for AI services, but exercise caution before installing. Key points to consider:
- The skill will attempt to run npm install -g moltspay and run setup scripts automatically; that downloads and executes code from the npm registry. Only proceed if you trust the moltspay package and its maintainer (inspect https://github.com/Yaqing2023/moltspay and the npm package first).
- The setup auto-creates a wallet and writes ~/.moltspay/wallet.json (likely containing private keys/seeds). If you install, assume a new private key will be generated and stored locally. Do not fund that wallet with large amounts until you audit the code. Prefer funding with minimal test USDC first.
- The skill's metadata does not declare required binaries (node, npm, jq) even though scripts use them. Ensure your environment has these and understand the scripts that will run.
- To reduce risk: manually run and inspect scripts (scripts/setup.js, setup.sh) and review the moltspay npm package source before allowing automatic install; consider running the CLI in a contained environment (VM or container) and use a dedicated low-value wallet for payments.
- If you need a quick checklist: verify the npm package source, confirm where keys are stored and how seed/private key export/import works, and only fund the generated wallet after you are satisfied with the audit.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/setup.js:16
Shell command execution detected (child_process).
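One way to carry out the "inspect package.json and the setup scripts before allowing the automatic install" step from the checklist, as an added example that is not part of the skill, the moltspay package or ClawHub's scanner: a Node script that lists the lifecycle hooks npm runs unattended (preinstall, install, postinstall, prepare and so on) with the commands they would execute, and scans script sources line by line for child_process use, shell execution calls, global installs and home-directory paths, reporting file:line the way the finding above does. The package.json and setup.js it parses are constructed samples with hypothetical names (example-pay-skill, example-cli), not the skill's real files, and the pattern list is this example's own assumption of what is worth a human look.

```javascript
// Added example for this listing, not code from the MoltsPay skill or ClawHub.
// Pre-install review: list the package.json lifecycle hooks npm runs on its own,
// and scan script sources for shell execution and global installs, reporting
// file:line like the scan finding above. The package.json and setup.js below
// are constructed samples with hypothetical names, not the skill's real files.

const LIFECYCLE_HOOKS = [
  "preinstall", "install", "postinstall",
  "preprepare", "prepare", "postprepare",
  "prepublish", "prepublishOnly", "prepack", "postpack",
];

// Hook commands that deserve a human look before npm runs them unattended.
const RISKY_COMMANDS = [
  { id: "global-install",   re: /\bnpm\s+(?:install|i|add)\b.*\s(?:-g|--global)\b/ },
  { id: "pipe-to-shell",    re: /\b(?:curl|wget)\b.*\|\s*(?:ba|z)?sh\b/ },
  { id: "sudo",             re: /\bsudo\b/ },
  { id: "runs-script-file", re: /\bnode\s+\S+\.(?:c|m)?js\b|\b(?:ba|z)?sh\s+\S+\.sh\b/ },
];

// Source-level patterns, applied one line at a time to JavaScript files.
const SOURCE_PATTERNS = [
  { id: "child-process-import", re: /['"](?:node:)?child_process['"]/ },
  { id: "shell-exec-call",      re: /\b(?:exec|execSync|execFile|execFileSync|spawn|spawnSync)\s*\(/ },
  { id: "global-install",       re: RISKY_COMMANDS[0].re },
  { id: "home-dir-path",        re: /\bos\.homedir\(\)|process\.env\.HOME\b/ },
];

function flagsFor(command) {
  return RISKY_COMMANDS.filter((p) => p.re.test(command)).map((p) => p.id);
}

// Returns the lifecycle hooks declared in package.json text, each with the shell
// command npm would run and the risk ids matched against it. Non-lifecycle
// entries such as "setup" only run on an explicit `npm run setup`, so they are
// left out; the hooks listed here run without the user asking.
function auditPackageJson(text) {
  const scripts = JSON.parse(text).scripts || {};
  return LIFECYCLE_HOOKS
    .filter((hook) => typeof scripts[hook] === "string")
    .map((hook) => ({ hook, command: scripts[hook], flags: flagsFor(scripts[hook]) }));
}

// Returns one finding per (line, pattern) match: { file, line, id, text }.
function scanSource(file, src) {
  const findings = [];
  src.split(/\r?\n/).forEach((line, idx) => {
    for (const p of SOURCE_PATTERNS) {
      if (p.re.test(line)) findings.push({ file, line: idx + 1, id: p.id, text: line.trim() });
    }
  });
  return findings;
}

// Constructed sample inputs (hypothetical names; not the skill's real files).
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-pay-skill",
  version: "1.0.0",
  scripts: {
    postinstall: "node scripts/setup.js",
    setup: "sh scripts/setup.sh",
    test: "node test.js",
  },
});

const SAMPLE_SETUP_JS = [
  '"use strict";',
  'const { execSync } = require("child_process");',
  'const os = require("os");',
  'const path = require("path");',
  '',
  '// installs the CLI machine-wide, not just into this project',
  'execSync("npm install -g example-cli", { stdio: "inherit" });',
  'const walletDir = path.join(os.homedir(), ".example-wallet");',
  'console.log("wallet dir:", walletDir);',
].join("\n");

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(auditPackageJson(SAMPLE_PACKAGE_JSON), null, 2));
  for (const f of scanSource("scripts/setup.js", SAMPLE_SETUP_JS)) {
    console.log(`${f.file}:${f.line} ${f.id}: ${f.text}`);
  }
}
```

To get the files to review without running anything, `npm pack moltspay` downloads the registry tarball for offline inspection, and `npm install --ignore-scripts` installs without executing lifecycle hooks. With this skill, `--ignore-scripts` also skips the postinstall that performs the global install, so setup then has to be run by hand once you have read it, which is the point.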
Tags: AI Agent · Agentic Wallet · Multi Chain · Payment · USDC · latest
