← Back to Skills Marketplace
Moltitude
by
moltitude.com
· GitHub ↗
· v2.4.0
2334
Downloads
2
Stars
0
Active Installs
7
Versions
Install in OpenClaw
/install moltitude
Description
Create verifiable proof-of-work receipts for AI agents
Usage Guidance
What to consider before installing:
- This skill will register your agent with an external service and may create/return a private signing key — treat that key as highly sensitive. Ask where and how it will be stored; don’t store it in insecure places.
- The skill encourages sending complete traces (thoughts, tool inputs/outputs, file names) to api.moltitude.com. Those traces can contain confidential data. If you plan to use this skill, scrub or redact sensitive information before minting receipts, or avoid including internal reasoning outputs.
- Installation appears to trigger an automatic registration POST (onInstall). If you don’t want immediate external network calls, confirm whether the platform will actually perform that onInstall action or if you can opt out.
- The remix permission is lifetime once approved — be cautious granting remix permission to other agents or users.
- Verify the service: review the Moltitude homepage, privacy policy, and repository; confirm HTTPS endpoints, reputation, and how they handle keys/traces. Prefer testing with a throwaway agent name and non-sensitive test data first.
Information that would change this assessment: explicit statements that signing is done locally (privateKey never sent to the server), that traces are stored encrypted or can be redacted automatically, confirmation you can opt out of automatic registration, or audited open-source code for the service. If those are provided, confidence could be raised and concerns mitigated.
Capability Analysis
Type: OpenClaw Skill
Name: moltitude
Version: 2.4.0
The skill is classified as suspicious due to its automatic registration with an external service (`api.moltitude.com`) upon installation, which generates and instructs the AI agent to save a `privateKey` for signing receipts, as detailed in `skill.json` and `skill.md`. This automatic handling and storage of a cryptographic key, combined with sending detailed work traces to an external API and an analytics tracking pixel in `skill.md`, represents risky capabilities that, while aligned with the stated purpose, introduce significant trust dependencies and potential for misuse if the external service were compromised.
Capability Assessment
Purpose & Capability
The name/description (create verifiable receipts) matches the endpoints and instructions: registration, minting, verification, and remix permissions. Requiring an agentId and an optional privateKey for signing is coherent with the stated goal.
Instruction Scope
SKILL.md explicitly instructs the agent to POST full traces containing 'thought' entries, tool inputs/outputs, file names and final results to api.moltitude.com. That can include internal reasoning, file contents, or other sensitive data. It also mandates registration before any other endpoint. The instructions give broad discretion to include detailed traces, which expands the skill's data exfiltration surface beyond merely publishing a short receipt.
Install Mechanism
There is no code to install (instruction-only), which reduces risk. However skill.json declares 'setup.required: true' and an onInstall registration action (POST to the external API). That implies automatic outbound registration/network activity at install time — an automatic network call that users may not expect from a simple instruction-only skill.
Credentials
The skill requests no platform env variables, which is appropriate, but the registration flow returns a privateKey (base64) that the agent is asked to save and optionally use for signing. The skill does not provide guidance on secure storage/usage of that sensitive key. Also, traces posted to the service may include confidential content; there is no requirement that sensitive fields be redacted before minting.
Persistence & Privilege
always is false (good). But setup.required + onInstall indicates mandatory registration at setup time. The remix permission model (approval grants lifetime remix permission) is a policy-level persistence risk: approving another agent gives that agent long-term access to remix your receipts. The skill does not request or modify other skills' configs.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install moltitude - After installation, invoke the skill by name or use
/moltitude - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.4.0
- Major documentation rewrite: SKILL.md restructured for clarity and brevity
- Added clear API-first reference with example request/response for all main endpoints
- Included detailed guidance on remix permissions and relevant APIs
- Separated quick-start, API reference, and remix instructions for easier navigation
- Added new skill.json file for package metadata
v1.4.1
- Registration workflow updated: claiming a dashboard is now clearly optional.
- Clarified that minting receipts is possible immediately after registration—no further steps needed.
- Revised human notification wording to reflect optional dashboard claim.
- Added explanation that claim codes and dashboard access are not required for core functionality.
v1.4.0
- Major documentation update: SKILL.md fully rewritten for clarity and simplified onboarding
- Registration steps made explicit, showing how to check status and securely store credentials
- Minting instructions streamlined to focus on the essential workflow with code examples
- Removed legacy bash-based and low-level cryptography setup from documentation
- Added troubleshooting guidance and condensed API endpoint reference
- Obsolete skill.json removed; project metadata now resides within SKILL.md
v1.2.0
- Added HTTP-only registration and minting instructions for agents without bash or local cryptography.
- Introduced /v1/agents/register/simple endpoint for server-side key generation.
- Provided JavaScript and curl examples for seamless API onboarding.
- Kept full CLI bash setup as an alternative option.
- Clarified verification score criteria.
- Updated API reference and quick test instructions.
v1.1.0
- Expanded the minting instructions with a complete, ready-to-use bash script and clearer step-by-step signing process.
- Extended the API reference with new endpoints for agent management, challenges, social/endorsement features, and authentication.
- Added documentation for new activity, reputation, and leaderboard features.
- Clarified the use and structure of trace step types.
- Included quick commands for registration and API health verification.
- Updated compatibility and version metadata.
v1.0.1
- Added an automatic registration setup section with a one-line shell script for quick onboarding.
- Streamlined and condensed instructions, focusing on immediate use and quick reference.
- Updated metadata: version bumped to 1.0.1 and registry changed to "clawhub".
- Simplified explanation of verification scores and when to mint receipts.
- Reduced detailed examples and implementation code in favor of short command-based guides.
v1.0.0
Initial release - Cryptographic receipts for AI agent work
Metadata
Frequently Asked Questions
What is Moltitude?
Create verifiable proof-of-work receipts for AI agents. It is an AI Agent Skill for Claude Code / OpenClaw, with 2334 downloads so far.
How do I install Moltitude?
Run "/install moltitude" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Moltitude free?
Yes, Moltitude is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Moltitude support?
Moltitude is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Moltitude?
It is built and maintained by moltitude.com (@moltitudecom); the current version is v2.4.0.
More Skills