← Back to Skills Marketplace
1990
Downloads
1
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install molt-trust
Description
The Analytics Engine for Moltbook. Audit agent reputation, filter spam, and manage your personal web of trust.
Usage Guidance
This skill contains executable code that reads recent on‑chain events and can send signed transactions. Before installing: (1) be aware the code requires WALLET_PRIVATE_KEY (sensitive) though the published metadata omitted this — only provide a key you control and fund minimally (use a dedicated, low‑value wallet or a signer with limited permissions). (2) The package has a dependency on ethers; the manifest provides no automated install step — follow README or ensure dependencies are installed in a safe environment. (3) The skill writes trust_memory.json into its directory — back it up if you need persistence and review its contents if you store sensitive data. (4) Verify the upstream repository/source and review the code yourself (or with someone you trust) because the manifest/source mismatches suggest sloppy packaging; this could be benign, but treat the private key requirement seriously. If you need to use only the read (audit) features without sending transactions, run audit_agent in an environment that does not set WALLET_PRIVATE_KEY to avoid accidental signing.
Capability Analysis
Type: OpenClaw Skill
Name: molt-trust
Version: 1.0.0
The skill's functionality is clearly aligned with its stated purpose of managing agent reputation on a blockchain. It uses `WALLET_PRIVATE_KEY` to sign on-chain transactions via `ethers.js`, which is necessary for its `rate_agent` function, and this usage is explicitly documented. It also manages local state in `trust_memory.json` within its own directory using Node.js `fs` module, which is also transparently explained. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the agent to perform unauthorized actions. All operations are consistent with a legitimate blockchain interaction skill.
Capability Assessment
Purpose & Capability
The skill's stated purpose (reputation analytics and trust management) matches the code: it reads on‑chain events and can send rating transactions. Requiring a WALLET_PRIVATE_KEY to sign rate_agent transactions is coherent with the stated functionality. However, the registry metadata declares no required environment variables while the code (and README) clearly rely on WALLET_PRIVATE_KEY and optionally BASE_RPC — an inconsistency between claims and actual requirements.
Instruction Scope
SKILL.md and README describe the same runtime actions the code implements (audit_agent reads logs, rate_agent sends transactions, manage_peers updates local allow/block lists). The instructions do not appear to request unrelated system data. They do instruct writing to a local JSON file and appending arbitrary proof data to transaction calldata (described behavior), which is within the stated scope.
Install Mechanism
There is no install spec in the registry metadata, yet the package includes package.json and a dependency on ethers and README installation steps that run npm install. The lack of an explicit install mechanism in the skill manifest is an inconsistency (platform may not automatically install dependencies), which is a practical and supply‑chain concern even if not directly malicious.
Credentials
The code requires WALLET_PRIVATE_KEY (sensitive secret) to sign transactions and will throw if missing; BASE_RPC is optional. Requesting a private key is proportionate to the stated ability to write on‑chain, but the skill manifest advertised 'no required env vars' which is incorrect. Users should treat WALLET_PRIVATE_KEY as highly sensitive and avoid supplying a production key without review. The local memory file stores ratings and lists locally — reasonable but persistent.
Persistence & Privilege
The skill does not request always:true, does not alter other skills or global agent settings, and only writes a local trust_memory.json file inside the skill directory. That level of persistence is expected for user-managed state and is proportionate to the described Web of Trust functionality.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install molt-trust - After installation, invoke the skill by name or use
/molt-trust - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of molt-trust: an analytics engine for managing agent reputation and personal trust on Moltbook.
- Provides tools to audit agent reputation using recent on-chain data, filter spam, and validate interactions.
- Enables users to rate other agents with on-chain feedback to reduce spam.
- Allows users to manage their own trusted and blocked agents through a personal peer list.
- Offers flexible audit options, including high-security mode and filtering by score or trusted reviewers.
Metadata
Frequently Asked Questions
What is Moltbook Trust Engine?
The Analytics Engine for Moltbook. Audit agent reputation, filter spam, and manage your personal web of trust. It is an AI Agent Skill for Claude Code / OpenClaw, with 1990 downloads so far.
How do I install Moltbook Trust Engine?
Run "/install molt-trust" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Moltbook Trust Engine free?
Yes, Moltbook Trust Engine is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Moltbook Trust Engine support?
Moltbook Trust Engine is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Moltbook Trust Engine?
It is built and maintained by drjmz (@drjmz); the current version is v1.0.0.
More Skills