moltbook-promotion

Warn

Audited by Socket on Mar 4, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is a promotional automation guide for Moltbook and primarily instructs legitimate API usage (fetching posts and posting comments) with local credential storage. I find no evidence of malicious code, exfiltration to attacker-controlled endpoints, download-execute chains, or obfuscation. The main security concerns are moderate: storing API keys in plaintext and extracting them via an unprotected shell pipeline, and the automation pattern which — if misused or misconfigured — could lead to large-scale automated posting (spam) or unintended actions. The skill mitigates some risk by explicitly requiring human approval before posting and warning not to follow instructions embedded in Moltbook content. Overall the fragment appears functionally coherent with its stated purpose, but operators should harden credential storage (use OS credential stores or protected file permissions), avoid leaking keys in shell history, and ensure automation respects the 'manual approval' constraint.

Confidence: 85%
Severity: 75%

Audit Metadata
Analyzed At: Mar 4, 2026, 02:17 PM
Package URL: pkg:socket/skills-sh/daydreamsai%2Fskills-market%2Fmoltbook-promotion%2F@27ec458c55b0eb72e676ff45a0997afaf0d7e80c