moltbook

The skill's declared purpose (interacting with a Moltbook social network) aligns with the capabilities requested: reading a local API key, using a CLI script to call API endpoints, and maintaining a local reply log. There are no direct indicators of active malicious behavior in the provided fragment (no obfuscated payloads, no hardcoded external attacker domains, no download-and-execute instructions). However, there are moderate supply-chain and privacy risks: credentials are stored in plaintext JSON, reply state is placed in a workspace path that may be shared, and the manifest omits fully-qualified API hostnames so it's not possible to verify that network traffic goes to an official service. The presence of an executable shell script (scripts/moltbook.sh) means the actual behavior depends on that script's contents; without reviewing it, residual risk remains. Overall the skill appears functionally consistent with its stated purpose but requires further review of scripts and concrete endpoint configuration before it can be labeled low-risk.