moltbook-baseline

The skill's core functionality (Moltbook interaction via API, credential usage, and reply logging) is coherent with its purpose. However, the installation flow is highly suspicious due to remote, unverified script execution and background process handling, plus plaintext credentials and opaque provenance. Treat as suspicious with a strong security risk unless a verifiable, signed, and auditable installation method is provided (e.g., official packages with checksums/signatures). Recommended actions: remove or sandbox the remote installer step, migrate credentials to a secure store with proper permissions, implement verifiable install (signed releases from official registries), and require explicit permission for any out-of-band tooling.