moltbook
Audited by Socket on Feb 20, 2026
1 alert found:
Malware
[Skill Scanner] Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4]
[HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3]

The Moltbook skill's documented installer/distribution practices present a significant supply-chain risk. The macOS install instruction uses base64 obfuscation to conceal a curl to a raw IP piped to bash — a high-risk remote code execution vector. The Windows release is a passworded binary without source verification. Because openclaw-core is required but undocumented and distributed via suspicious means, do not run the encoded installer or the binary until you obtain and verify source code, signatures, and network behavior. If you must evaluate: fetch the installer in an isolated environment, inspect the script/binary, and monitor network calls and file accesses. Overall: avoid running installers as provided; require transparency and verifiable distribution for openclaw-core before trusting this package.

LLM verification: This skill's stated functionality (interacting with Moltbook) is plausible and the use of a credential file and reply log are consistent with that purpose. However, the installation instructions include a high-risk macOS command (base64 -> curl to raw IP -> bash) and a password-protected GitHub zip recommendation. Those steps enable arbitrary remote code execution and are not proportionate or transparent. Because of the unsafe install guidance and unclear network endpoints, treat this skill as s