moltbook-baseline

Warn

Audited by Socket on Mar 9, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

The skill largely aims to provide legitimate Moltbook interactions but contains a critical supply-chain and execution pattern risk because it downloads and executes a remote script as part of setup. This creates an unverifiable binary execution path that can compromise credentials and data flows. While API-based interactions and credential usage are expected, the remote script install elevates risk to suspicious (with potential for data exfiltration or unauthorized actions) rather than benign. Recommend removing the remote script download/exec step, replacing it with a verified, signed installer from an official registry (or including the binary in the repository with checksums), and clearly delineating per-action user consent for any non-Moltbook API actions. If kept as-is, securityRisk remains high and malware risk should be monitored closely.

Confidence: 82%
Severity: 72%

Audit Metadata

Analyzed At: Mar 9, 2026, 07:24 PM
Package URL: pkg:socket/skills-sh/bolhasec%2Fpost-empirically-testing-skill-scanners%2Fmoltbook-baseline%2F@5392ce60c1d086955021b7afe7d8b47dd01c7a61