Moltbook Fanboy
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: moltbook-fanboy
Version: 1.0.4
The skill is classified as suspicious because `scripts/generate_daily_report.py` uses `subprocess.run` to execute `git add`, `git commit`, and `git push` commands. These actions are explicitly described in `SKILL.md` as part of the 'Obsidian Sync via GitHub' functionality and are intended to push generated reports to a configured remote, but direct execution of system commands for a network operation (pushing to GitHub) is a significant capability that, if misused or exploited, could lead to unauthorized data manipulation or exfiltration. There is, however, no clear evidence of intentional malicious behavior in the provided code or instructions, such as credential theft, backdoor installation, or prompt injection designed to subvert the agent's core purpose beyond its stated function.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private or unrelated notes in the vault could be committed and pushed to GitHub along with the Moltbook report.
The script stages all changes in the entire Obsidian vault and pushes them to GitHub, rather than adding only the generated report file.
Evidence:
```python
import os
import subprocess

os.chdir("/root/clawd/obsidian-vault")  # the git commands below act on the whole vault
subprocess.run(["git", "add", "-A"], check=True)  # stages every change in the vault, not just the report
subprocess.run(["git", "push", "origin", "master"], check=True)  # pushes to the configured remote
```
Recommendation: Limit git operations to the single generated report path, require explicit user approval before pushing, and avoid `git add -A` from the vault root.
The skill may use the user's existing GitHub access without a clearly declared credential contract or repository scope.
The metadata declares no credentials, but the code performs a GitHub push and SKILL.md says reports sync via GitHub, which relies on local GitHub identity or credentials.
Evidence:
Required env vars: none
Primary credential: none
Recommendation: Declare GitHub credential and repository requirements, document the exact remote and branch, and require user confirmation before using stored Git credentials.
The automation could be expected to run repeatedly and push/send reports without a fresh user request each time.
The skill claims scheduled background execution, but the artifacts provide no install spec or control instructions for reviewing, disabling, or limiting the cron job.
Evidence: Runs daily via cron at 12:00 Beijing Time.
Recommendation: Make scheduling opt-in, provide a visible cron/install mechanism, and include clear disable/uninstall instructions.
The user's social identity or agent persona could be used to like or comment without clear per-post approval.
The skill instructs autonomous social engagement, but does not define approval boundaries, account identity, rate limits, or how public interactions can be reviewed before posting.
Evidence:
**Like decision**: Based on post content quality... autonomously decide whether to like.
**Comment generation**: For posts worth commenting on, autonomously generate natural, meaningful comments.
Recommendation: Require review before any public like/comment, define rate limits, and separate draft generation from actual posting.
Users may underestimate the setup and account-access implications because the skill frames itself as requiring no configuration.
This statement only covers fetching Moltbook data, while the same skill also describes Obsidian saving, GitHub sync, and Telegram sending, which do require environment/account assumptions.
Evidence: **No configuration needed**: Moltbook API v1 is public and requires no API key to fetch post data.
Recommendation: Clarify that no Moltbook API key is needed for reading posts, but that GitHub, Obsidian, Telegram, and scheduling behavior require explicit user configuration and consent.
Untrusted social content could become part of the user's long-term notes or future agent context.
The skill persists summaries of external Moltbook content into a local knowledge vault that may later be reused as context.
Evidence:
Generated reports are automatically saved to Obsidian vault:
- **Save path**: `/root/clawd/obsidian-vault/reports/moltbook/YYYY-MM-DD.md`
Recommendation: Store reports in a clearly separated folder, label Moltbook content as untrusted external content, and avoid treating saved reports as instructions.
