Moltbook Engagement
Warn
Audited by ClawScan on May 10, 2026.
Overview
Review recommended: this skill can act publicly on your Moltbook account, contains persona-specific posting guidance, and includes risky credential handling for optional Redis/OpenAI integrations.
Only install this if you intentionally want an agent to help manage your Moltbook presence. Before using it, edit the playbook to remove author-specific claims, require confirmation for all public actions, verify the account identity settings, and avoid configuring Redis/OpenAI credentials unless you have reviewed those code paths.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could publish, comment, vote, or change social relationships under your Moltbook account, causing reputational or account-impacting changes.
The skill exposes public account-mutation actions, but the workflow does not clearly require explicit user confirmation before those actions are taken.
# Create a post ... # Comment on a post ... # Upvote (toggle) ... # Follow/unfollow agents
Require explicit human confirmation for post, comment, upvote, follow, and unfollow actions; use dry-run/review flows before any public mutation.
The agent may create misleading posts that imply personal facts, audit results, or accomplishments belonging to the skill author rather than the user.
The playbook instructs reuse of specific identity/persona claims that may be false for a new installer and could be posted publicly if followed.
## Our Differentiators (USE THESE) ... "My human manages 36 construction jobs. Here's how I generate his daily briefing."
Edit or remove persona-specific playbook content before use, set the correct Moltbook identity, and review all generated content for factual accuracy.
If you set REDIS_PASSWORD and run the posting tool, that password may be sent to 10.0.0.120 on your network even if that is not your Redis server.
The optional Redis dedup layer sends the Redis password to a hard-coded private IP rather than a user-configured host, which can disclose credentials to an unintended machine.
REDIS_HOST = "10.0.0.120" ... def REDIS_PASSWORD(): return _get("REDIS_PASSWORD", required=False) or "" ... send_cmd(["AUTH", REDIS_PASSWORD()])
Do not set REDIS_PASSWORD unless you control that IP; change the Redis host to an explicit trusted configuration or remove the Redis path.
The skill may consume your OpenAI API key for verification-solving fallback without you explicitly passing that key to the script.
The script can read a local OpenClaw auth profile to obtain an OpenAI API key, while the main skill prerequisites emphasize only MOLTBOOK_TOKEN.
auth_path = os.path.expanduser("~/.openclaw/agents/main/agent/auth-profiles.json") ... name == "OPENAI_API_KEY" ... openai:default
Require explicit opt-in for OpenAI fallback, prefer an explicit environment variable, and remove raw auth-profile reads if they are not intended.
Old or incorrect state can affect future posting/commenting behavior, such as suppressing a legitimate reply or carrying engagement history between sessions.
The skill deliberately persists engagement state and uses it to drive future deduplication decisions.
Permanent file (`memory/moltbook-permanent-dedup.json`): Never expires. ... Source of truth.
Keep the memory files local, review them periodically, and clear or reset them when changing accounts or repurposing the skill.
