MoltsPay Skill

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill's capabilities match its stated payment purpose, but it warrants review: it can run setup code automatically at install time, create a persistent crypto wallet in the user's home directory, and make USDC payments without a clear confirmation step.

Install only if you are comfortable with a skill that can set up a crypto wallet and pay for services on your behalf. Before funding the wallet, verify the source of the MoltsPay package and pin its version, keep the default spending limits (2 USDC per transaction, 10 USDC per day) or lower them, and require the agent to ask for confirmation before every paid request.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A broad request such as "generate a video" could result in a real USDC payment if the wallet is funded, without the user ever seeing the provider, service, or price.

Why it was flagged

The documented common workflow proceeds directly to a payment once the wallet is funded, without an explicit approval step for the specific service, provider URL, and price.

Skill content
If funded → pay for text-to-video service
Recommendation

Require explicit user confirmation before every paid action, showing the provider, service ID, price, destination, wallet balance, and daily spend remaining.

What this means

Installing the skill through a package flow could run local setup code before the user explicitly asks to create a wallet or pay for a service.

Why it was flagged

The package declares automatic setup execution, including an npm postinstall hook, even though the registry install section says there is no install spec, so the registry listing understates what runs at install time.

Skill content
"setup": "node scripts/setup.js", "postinstall": "node scripts/setup.js"
Recommendation

Remove automatic postinstall execution or require a clear, user-approved setup step before running local commands.

What this means

The user's machine may execute and trust code from an external npm package that can change independently of this skill review.

Why it was flagged

Setup downloads and globally installs the external moltspay package without a pinned version, so the reviewed skill artifacts do not fully define the code that will run.

Skill content
run('npm install -g moltspay');
Recommendation

Pin the package version, provide provenance or checksums, avoid global installation where possible, and declare the dependency in installation metadata.
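The two install-time findings above (an automatic lifecycle hook and an unpinned global install inside the setup script) can be checked mechanically before a skill is installed. The following is an added example, not MoltsPay or ClawScan code: it reads an ordinary package.json object and the text of a setup script, lists the npm lifecycle scripts that run without user action, and reports any `npm install` package spec that lacks an exact version. The sample manifest and setup text are constructed here to mirror the quoted skill content; the function names are this example's own.

```javascript
// Added example: static checks over a package manifest and its setup script.
// Not MoltsPay or ClawScan code; inputs below are constructed for the demo.

// npm runs these scripts automatically during `npm install` unless
// --ignore-scripts is set, i.e. before the user has asked the skill to do anything.
const AUTO_RUN_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare', 'prepublish'];

// Returns the lifecycle scripts in `pkg.scripts` that would run on install.
function findAutoRunScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return AUTO_RUN_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Matches `npm install` / `npm i` / `npm add` invocations in a setup script and
// captures the argument list up to the next shell separator or quote.
const NPM_INSTALL_RE = /npm\s+(?:install|i|add)\b([^;&|\n'"`]*)/g;

// Reports package specs that carry no exact version ("name" or "name@^1.0.0").
function findUnpinnedInstalls(setupSource) {
  const findings = [];
  for (const match of setupSource.matchAll(NPM_INSTALL_RE)) {
    const args = match[1].trim().split(/\s+/).filter(Boolean);
    const global = args.includes('-g') || args.includes('--global');
    for (const arg of args) {
      if (arg.startsWith('-')) continue; // a flag, not a package spec
      // Split off the version; lastIndexOf keeps "@scope/name@1.2.3" correct.
      const at = arg.lastIndexOf('@');
      const version = at > 0 ? arg.slice(at + 1) : '';
      const exact = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/.test(version);
      if (!exact) findings.push({ spec: arg, global, pinned: false });
    }
  }
  return findings;
}

// Combined audit result for a skill's install surface.
function auditInstallSpec(pkg, setupSource) {
  return {
    autoRun: findAutoRunScripts(pkg),
    unpinned: findUnpinnedInstalls(setupSource),
  };
}

// Constructed inputs mirroring the quoted skill content.
const samplePkg = {
  name: 'moltspay-skill',
  scripts: { setup: 'node scripts/setup.js', postinstall: 'node scripts/setup.js' },
};
const sampleSetup =
  "run('npm install -g moltspay');\n" +
  "run('moltspay init --chain base --max-per-tx 2 --max-per-day 10');";

console.log(JSON.stringify(auditInstallSpec(samplePkg, sampleSetup), null, 2));
```

If either list is non-empty, install with `npm install --ignore-scripts` (or not at all) and inspect the setup script by hand; a pinned spec such as `moltspay@1.2.3` passes the version check but still needs provenance or a checksum before it is trusted.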

What this means

If funded, this wallet can be used by the skill/CLI to spend USDC within the configured limits; the wallet file itself is a financial credential and should be protected like any other signing key.

Why it was flagged

The setup creates or uses a persistent local crypto wallet in the user's home directory and configures spending limits.

Skill content
const WALLET_PATH = path.join(os.homedir(), '.moltspay', 'wallet.json'); ... run('moltspay init --chain base --max-per-tx 2 --max-per-day 10');
Recommendation

Declare the wallet path and financial credential behavior clearly, require opt-in wallet creation, advise users to fund only small amounts, and keep conservative spending limits.
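The two recommendations that concern spending (confirmation before every paid action, and conservative per-transaction and per-day limits) describe one enforcement point. The block below is an added example, not MoltsPay code, of a spend gate an agent host could place in front of every paid request: it applies the caps the setup script configures (2 USDC per transaction, 10 USDC per day), builds the summary the user must see, and only then calls an explicit confirm callback, refusing to pay unless that callback returns `true`. The ledger shape, request fields, and the constructed provider and destination values are assumptions for this demo; the skill's real CLI interface is not known here.

```javascript
// Added example: a spend gate in front of paid requests. Not MoltsPay code.
// Limits mirror `moltspay init --max-per-tx 2 --max-per-day 10`; everything
// else (request shape, ledger, provider names) is assumed for the demo.
const LIMITS = { chain: 'base', maxPerTx: 2, maxPerDay: 10 };

// Total USDC already spent on the calendar day of `now`, from a ledger of
// past payments shaped like { at: Date, amountUsdc: number, to: string }.
function spentToday(ledger, now) {
  const day = now.toISOString().slice(0, 10);
  return ledger
    .filter((p) => p.at.toISOString().slice(0, 10) === day)
    .reduce((sum, p) => sum + p.amountUsdc, 0);
}

// The summary shown to the user: provider, service, price, destination,
// current balance and remaining daily allowance, as the recommendation lists.
function buildSummary(req, balanceUsdc, ledger, now) {
  return {
    provider: req.provider,
    serviceId: req.serviceId,
    priceUsdc: req.priceUsdc,
    destination: req.destination,
    walletBalanceUsdc: balanceUsdc,
    dailyRemainingUsdc: LIMITS.maxPerDay - spentToday(ledger, now),
  };
}

// Returns { ok, reason, summary }. `confirm(summary)` is the explicit approval
// step: it runs only after the automatic checks pass, and anything other than
// a literal `true` blocks the payment. A broad agent request that never reaches
// a confirm prompt therefore cannot spend.
function gatePayment(req, balanceUsdc, ledger, confirm, now = new Date()) {
  const summary = buildSummary(req, balanceUsdc, ledger, now);
  if (!Number.isFinite(req.priceUsdc) || req.priceUsdc <= 0) {
    return { ok: false, reason: 'invalid price', summary };
  }
  if (req.priceUsdc > LIMITS.maxPerTx) {
    return { ok: false, reason: `exceeds max-per-tx ${LIMITS.maxPerTx}`, summary };
  }
  if (req.priceUsdc > summary.dailyRemainingUsdc) {
    return { ok: false, reason: `exceeds max-per-day ${LIMITS.maxPerDay}`, summary };
  }
  if (req.priceUsdc > balanceUsdc) {
    return { ok: false, reason: 'insufficient balance', summary };
  }
  if (typeof confirm !== 'function' || confirm(summary) !== true) {
    return { ok: false, reason: 'user did not confirm', summary };
  }
  ledger.push({ at: now, amountUsdc: req.priceUsdc, to: req.destination });
  return { ok: true, reason: 'approved', summary };
}

// Constructed request for the demo (provider and destination are placeholders).
const sampleRequest = {
  provider: 'example-video-provider',
  serviceId: 'text-to-video',
  priceUsdc: 1.5,
  destination: '0xDemoDestination',
};

// Deny-by-default: an agent that never surfaces the summary cannot pay.
console.log(gatePayment(sampleRequest, 5, [], () => false).reason);
```

Wire `confirm` to a real user prompt that renders the summary verbatim; an agent must not be able to answer it on the user's behalf, or the gate degrades to the unconfirmed flow the finding describes.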