Skill v1.0.1

ClawScan security

Moltbook Spam Filter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Feb 11, 2026, 9:47 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, declared config path, and runtime instructions are coherent with its stated purpose: it reads a local Moltbook credentials file and makes read-only requests to moltbook.com to filter spam.
Guidance
This skill appears to do what it claims: read your Moltbook API key from ~/.config/moltbook/credentials.json and make read-only requests to moltbook.com to filter posts. Before installing: (1) review the included moltbook-filter.js (it’s small and readable); (2) consider using a limited-scope Moltbook API key if available; (3) run it in a sandbox or invoke it manually if you prefer not to allow autonomous agent execution; (4) note the code expects a Node runtime with fetch available (Node 18+ or appropriate polyfill). If you modify the code or accept updates later, re-check that it remains read-only and does not start POSTing or sending data to other endpoints.

Review Dimensions

Purpose & Capability
ok
The skill claims to filter Moltbook feeds and requires the Moltbook credentials file (~/.config/moltbook/credentials.json). The code reads that file and calls Moltbook's API (https://www.moltbook.com/api/v1). There are no unrelated credentials, binaries, or services requested.
Instruction Scope
ok
SKILL.md explicitly documents reading the credentials file and calling Moltbook endpoints; the runtime JS implements only GET calls to fetch feeds and local pattern-based filtering. The instructions and code stay within the stated read-only filtering scope. (Note: the api() helper accepts a method/body signature, but the shipped main() only uses GET.)
Install Mechanism
ok
No install spec — skill is instruction + small JS file. No downloads or third-party install steps. This minimal footprint limits supply-chain risk.
Credentials
ok
No environment variables or unrelated secrets are requested. The single required config path is the Moltbook credentials file, which is necessary and proportional to making authenticated API calls.
Persistence & Privilege
ok
The skill does not request always:true and is user-invokable only. It does not attempt to modify other skills or system config. Autonomous invocation is allowed by platform default but is not combined here with elevated privileges or broad credential access.