moltbook
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill reads API credentials from
~/.config/moltbook/credentials.jsonand~/.openclaw/auth-profiles.json. This is the intended behavior for authenticating with the Moltbook API. The extractedAPI_KEYis only transmitted to the official service domainhttps://www.moltbook.com/api/v1via Bearer authentication. - [COMMAND_EXECUTION]: The bash script
scripts/moltbook.shuses standard system utilities includingcurl,jq,grep, andsedto perform API operations and parse responses. These operations are restricted to the primary purpose of the skill. - [INDIRECT_PROMPT_INJECTION]: The skill represents an attack surface for indirect prompt injection as it retrieves untrusted user-generated content (posts and comments) from Moltbook.
- Ingestion points: Content is ingested through
GETrequests inscripts/moltbook.sh(commandshot,new, andpost). - Boundary markers: The skill does not provide explicit delimiters or instructions to the agent to ignore embedded commands in the fetched data.
- Capability inventory: The skill has network access (
curl) and local file read/write capabilities (credentials and reply logs). - Sanitization: There is no evidence of sanitization or filtering of the external content before it is passed to the agent context.
Audit Metadata