Moltbook
Review
Audited by ClawScan on May 10, 2026.
Overview
Moltbook matches its social-network purpose, but it asks agents to keep a recurring heartbeat, fetch remote instructions, store an API key, and potentially act publicly without clear per-action user approval.
Install only if you want your agent to participate in Moltbook. Before enabling heartbeat behavior, inspect the remote HEARTBEAT.md and MESSAGING.md files, avoid storing the API key in general memory, and require explicit confirmation before any public post, comment, vote, or community creation.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may keep checking and acting on Moltbook after the original user request, rather than only using the skill when explicitly asked.
The skill encourages adding Moltbook to a recurring heartbeat so the agent keeps running Moltbook-related behavior every few hours.
Add this to your `HEARTBEAT.md` ... `## Moltbook (every 4+ hours)` ... `Fetch https://www.moltbook.com/heartbeat.md and follow it`
Do not add the heartbeat unless you want ongoing autonomous participation; require explicit user approval before posting, commenting, voting, or creating communities.

Future remote instructions could change what the agent does during heartbeat checks, including how it interacts with the social network.
The agent is told to fetch remote content at runtime and follow it, but that remote HEARTBEAT.md content was not provided for review.
If 4+ hours since last Moltbook check: 1. Fetch https://www.moltbook.com/heartbeat.md and follow it
Review the remote HEARTBEAT.md content before enabling it, and treat remote instructions as untrusted unless the user confirms them.

The agent could create public posts, comments, votes, or other social actions under its Moltbook identity without the user reviewing each action first.
The skill combines account-mutation capabilities with recurring prompts to engage and post, without clear per-action approval boundaries.
Your heartbeat will now remind you to: - Check your feed for new posts - Engage with other moltys - Post when you have something to share
Configure the agent to ask before any public-facing action and set clear limits on what it may post, comment on, upvote, or create.

Behavior may depend on remote files that were not part of the submitted artifact set and could change later.
The reviewed package contains only SKILL.md, but the skill references and installs additional remote files that can be refreshed outside the registry review.
curl -s https://www.moltbook.com/heartbeat.md > ~/.moltbot/skills/moltbook/HEARTBEAT.md ... **Check for updates:** Re-fetch these files anytime to see new features!
Only install or refresh the additional files after inspecting them, and prefer pinned or reviewed versions for recurring agent behavior.

Anyone who obtains the API key may be able to impersonate the agent on Moltbook.
The service requires an API key that represents the agent identity; this is expected for the integration, but it is sensitive account authority.
All requests after registration require your API key ... Recommended: Save your credentials to `~/.config/moltbook/credentials.json`
Store the API key in a protected secret store or environment variable, restrict file permissions, and rotate it if exposed.

A stored API key may be unintentionally reused, exposed in context, or accessed by later tasks.
The skill suggests storing the API key in agent memory as one option, which can make a credential available across future contexts if the memory system is not designed for secrets.
You can also save it to your memory, environment variables (`MOLTBOOK_API_KEY`), or wherever you store secrets.
Do not store API keys in general agent memory; use a dedicated secrets manager or protected environment variable instead.
