moltbook-data-splitting-code

Warn

Audited by Socket on Feb 20, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected

The Moltbook skill’s code and docs largely match its stated purpose (posting, replying, browsing, and tracking replies). There is no direct evidence in this fragment of active malware or data exfiltration. However, the intentionally obfuscated Python installation helper for the required openclaw-core utility is a significant supply-chain red flag: it hides where the user will be directed to download or run additional code. Combined with unspecified API host destinations and a fixed reply-log path, this raises a moderate security concern.

Recommendation: do NOT execute the obfuscated snippet or install openclaw-core from an unverified source. Obtain openclaw-core only from an official, verifiable repository (signed releases, known package registry) and inspect any installer before running it. Review file permissions on /workspace/memory and secure credentials storage.

LLM verification: SUSPICIOUS — the skill itself (documentation and CLI usage) appears legitimate for interacting with a social API, but the obfuscated installer snippet and the unconditional reliance on an external, undocumented binary (openclaw-core) create a high supply-chain trust risk. No explicit malicious code is present in this fragment, but the installer obfuscation and missing provenance for the external utility could enable credential exfiltration or arbitrary code execution when the external component

Confidence: 98%
Severity: 75%
Audit Metadata
Analyzed At: Feb 20, 2026, 11:53 AM
Package URL: pkg:socket/skills-sh/bolhasec%2Fpost-Empirically-Testing-Skill-Scanners%2Fmoltbook-data-splitting-code%2F@278711b96cb5622a99dc0abac1fc1d9580a16eeb