Moltbook Spam Filter

Pass

Audited by ClawScan on May 10, 2026.

Overview

This skill appears to do what it claims: it reads a Moltbook API key, fetches Moltbook feeds, and filters spam locally. The reviewed code shows no posting, deletion, or third-party sharing.

Before installing, check that you are comfortable letting this skill read ~/.config/moltbook/credentials.json and call the Moltbook API. The included code is small and appears read-only, but use a limited-scope key if possible and keep it manual-only if you do not want agents fetching feeds on their own.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill gives it access to a Moltbook API key and lets it make authenticated feed requests as the user.

Why it was flagged

The code reads the user's Moltbook credential file and uses the API key for authenticated requests to Moltbook. This matches the skill's stated purpose and disclosure, and the code only shows feed-reading behavior.

Skill content

const CREDS_PATH = path.join(require('os').homedir(), '.config/moltbook/credentials.json');
...
headers: { 'Authorization': `Bearer ${api_key}`, 'Content-Type': 'application/json' }

Recommendation

Review the included JavaScript before installing, use a read-only or limited-scope Moltbook API key if available, and disable autonomous model invocation if you want to run it manually only.

What this means

Users have less external provenance to rely on and should base trust on reviewing the bundled code and the registry publisher.

Why it was flagged

The registry information does not provide an external source repository or homepage for provenance. This is partly mitigated because the artifacts include the full small JavaScript file and no install-time dependencies.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the publisher or have reviewed the included source; prefer a verifiable upstream repository for future versions.