moltbook-posting

SUSPICIOUS. The skill’s social-posting purpose matches its capabilities, but it enables autonomous public actions, reads raw API credentials from a local config, and permits endpoint override that could redirect those credentials off Moltbook’s official API. With run.py absent, the true data flow cannot be verified, so overall risk is high even without confirmed malware.