Moltbook Fanboy
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly a social-summary automation, but it can automatically push the entire Obsidian vault to GitHub and claims scheduled/background social and messaging behavior without clear user control.
Review carefully before installing. Do not run it against a real Obsidian vault unless you are comfortable with the entire vault being staged and pushed to GitHub. Ask the author to scope git operations to the generated report file, make cron and Telegram delivery opt-in, and require approval before any public likes or comments.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or unrelated notes in the vault could be committed and pushed to GitHub along with the Moltbook report.
The script stages all changes in the entire Obsidian vault and pushes them to GitHub, rather than adding only the generated report file.
os.chdir("/root/clawd/obsidian-vault")
subprocess.run(["git", "add", "-A"], check=True)
subprocess.run(["git", "push", "origin", "master"], check=True)
Limit git operations to the single generated report path, require explicit user approval before pushing, and avoid git add -A from the vault root.
The skill may use the user's existing GitHub access without a clearly declared credential contract or repository scope.
The metadata declares no credentials, but the code performs a GitHub push and SKILL.md says reports sync via GitHub, which relies on local GitHub identity or credentials.
Required env vars: none
Primary credential: none
Declare GitHub credential and repository requirements, document the exact remote and branch, and require user confirmation before using stored Git credentials.
The automation could be expected to run repeatedly and push/send reports without a fresh user request each time.
The skill claims scheduled background execution, but the artifacts provide no install spec or control instructions for reviewing, disabling, or limiting the cron job.
Runs daily via cron at 12:00 Beijing Time.
Make scheduling opt-in, provide a visible cron/install mechanism, and include clear disable/uninstall instructions.
The user's social identity or agent persona could be used to like or comment without clear per-post approval.
The skill instructs autonomous social engagement, but does not define approval boundaries, account identity, rate limits, or how public interactions can be reviewed before posting.
**Like decision**: Based on post content quality... autonomously decide whether to like.
**Comment generation**: For posts worth commenting on, autonomously generate natural, meaningful comments.
Require review before any public like/comment, define rate limits, and separate draft generation from actual posting.
Users may underestimate the setup and account-access implications because the skill frames itself as requiring no configuration.
This statement only covers fetching Moltbook data, while the same skill also describes Obsidian saving, GitHub sync, and Telegram sending, which do require environment/account assumptions.
**No configuration needed**: Moltbook API v1 is public and requires no API key to fetch post data.
Clarify that no Moltbook API key is needed for reading posts, but GitHub, Obsidian, Telegram, and scheduling behavior require explicit user configuration and consent.
Untrusted social content could become part of the user's long-term notes or future agent context.
The skill persists summaries of external Moltbook content into a local knowledge vault that may later be reused as context.
Generated reports are automatically saved to Obsidian vault:
- **Save path**: `/root/clawd/obsidian-vault/reports/moltbook/YYYY-MM-DD.md`
Store reports in a clearly separated folder, label Moltbook content as untrusted external content, and avoid treating saved reports as instructions.
