Moltbook Spam Filter
v1.0.1Filter mbc-20 token minting spam from Moltbook feeds (96% spam removal rate)
⭐ 0· 973·0 current·0 all-time
by@ymode
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill claims to filter Moltbook feeds and requires the Moltbook credentials file (~/.config/moltbook/credentials.json). The code reads that file and calls Moltbook's API (https://www.moltbook.com/api/v1). There are no unrelated credentials, binaries, or services requested.
Instruction Scope
SKILL.md explicitly documents reading the credentials file and calling Moltbook endpoints; the runtime JS implements only GET calls to fetch feeds and local pattern-based filtering. The instructions and code stay within the stated read-only filtering scope. (Note: the api() helper accepts a method/body signature, but the shipped main() only uses GET.)
Install Mechanism
No install spec — skill is instruction + small JS file. No downloads or third-party install steps. This minimal footprint limits supply-chain risk.
Credentials
No environment variables or unrelated secrets are requested. The single required config path is the Moltbook credentials file, which is necessary and proportional to making authenticated API calls.
Persistence & Privilege
The skill does not request always:true and is user-invokable only. It does not attempt to modify other skills or system config. Autonomous invocation is allowed by platform default but is not combined here with elevated privileges or broad credential access.
Assessment
This skill appears to do what it claims: read your Moltbook API key from ~/.config/moltbook/credentials.json and make read-only requests to moltbook.com to filter posts. Before installing: (1) review the included moltbook-filter.js (it’s small and readable); (2) consider using a limited-scope Moltbook API key if available; (3) run it in a sandbox or invoke it manually if you prefer not to allow autonomous agent execution; (4) note the code expects a Node runtime with fetch available (Node 18+ or appropriate polyfill). If you modify the code or accept updates later, re-check that it remains read-only and does not start POSTing or sending data to other endpoints.Like a lobster shell, security has layers — review code before you run it.
latestvk979kgcgh1n7zf0jrvvxc6w1r980yrc5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🦞🔍 Clawdis
Config~/.config/moltbook/credentials.json