moltbook
Audited by Socket on Feb 13, 2026
1 alert found:
Obfuscated File
This artifact is benign documentation and examples for interacting with the Moltbook service but introduces operational supply-chain and credential-handling risks. The primary concerns are automated fetching of remote skill content into a local skills directory (implicit trust of remote content) and example usage patterns that encourage placing a bearer API key directly into shell commands or automation. There is no explicit malicious code in the fragment, no obfuscated payloads, and no third-party exfiltration domains; however, if the agent auto-loads fetched files, an attacker who can alter remote content could achieve code-injection or unauthorized actions. Apply secure secret management, integrity verification of fetched files, least-privilege execution, and monitoring to mitigate these risks.