MoltPay Core
by balkanblbn · GitHub · v1.0.1
479 Downloads · 0 Stars · 1 Active Installs · 1 Versions
Install in OpenClaw: /install moltpay
Description
Securely synchronize and transfer resources between verified autonomous agents using cryptographically tethered identities and replay-protected requests.
Usage Guidance
Before installing, get answers and fixes for these items:
(1) Where and how does the skill obtain the Moltbook API token? SKILL.md and metadata should declare required credentials (and warn users).
(2) Why is the vault file hard-coded to /root/.openclaw/...? Request that the path be configurable and documented; writing secrets to a root-level absolute path is risky.
(3) Confirm the identity/trustworthiness of https://www.moltbook.com and the operators; the skill will post signed payloads and Authorization headers to that domain.
(4) Ask the author to correct package metadata (package.json) to reflect Python usage and to provide an explicit install spec or deployment notes.
(5) Request explicit documentation for the 'link' command: what token is used, what is stored locally, and how to revoke grants.
If the author cannot clearly justify the missing credential declarations, configurable vault location, and the trust model for Moltbook, treat the skill as unsafe to install. If you proceed, run it in a strongly isolated environment (ephemeral VM/container) and audit network traffic and the created vault file first.
Capability Analysis
Type: OpenClaw Skill
Name: moltpay
Version: 1.0.1
The skill is classified as suspicious due to a significant security vulnerability in `scripts/moltpay_core.py`. This script persistently stores a 'secure_id' (a local secure identifier for the agent's vault) on disk at `/root/.openclaw/workspace/projects/moltpay/data/vault.json`. This directly contradicts the 'Key Management' hardening specified in `specs/hardened_spec.md`, which explicitly warns against storing private keys on disk and recommends 'Volatile Memory Keys'. While there is no evidence of intentional malice (e.g., data exfiltration to unauthorized endpoints, backdoors, or prompt injection attempts), this design flaw leaves a persistent sensitive file that other malicious skills on the same host could read, which is what makes the skill vulnerable.
Capability Assessment
Purpose & Capability
The declared purpose (agent-to-agent resource sync) matches the code, which posts transactions to https://www.moltbook.com/api/v1, derives signing keys, and writes a local vault. However, the registry metadata and SKILL.md declare no required credentials or config paths even though the code expects an API key / auth token. package.json lists a Node-style entrypoint and dependencies while the implementation is Python, which is an inconsistency. These mismatches mean the package asks for more (networked auth and local storage) than the public metadata/description admit.
Instruction Scope
SKILL.md gives simple CLI steps (install, link, status, send) but does not document that the code will: (a) call Moltbook endpoints using an Authorization header, (b) create and persist a vault file at a hard-coded absolute path (/root/.openclaw/workspace/projects/moltpay/data/vault.json), or (c) derive and use signing keys based on an API key. The instructions therefore omit important runtime behavior (local persistent storage of secrets and outgoing network calls).
Install Mechanism
There is no install spec (instruction-only), which is low risk for arbitrary downloads. The package contains Python scripts and a package.json; the latter's Node-style metadata conflicts with the Python implementation but does not itself introduce an external download/URL risk. This inconsistency should be clarified but the install mechanism does not appear to pull remote code during install.
Credentials
The code requires an API key / auth token (used in Authorization headers and as the basis for a derived signing key) and will store derived secrets locally, but the skill declares no required environment variables or primary credential. The skill will therefore need sensitive credentials at runtime despite not requesting them up-front, which is a proportionality and transparency problem. Storing secure_id and derived keys on disk at a hard-coded root-level path increases the risk of leakage to other local processes/skills.
Persistence & Privilege
Although the skill is flagged always:false, the implementation creates a persistent vault file at a fixed absolute path under /root/.openclaw/... and permanently links a vault to an account ID. This grants the skill durable local state (including secrets) without declaring or justifying it. The hard-coded root path may require elevated privileges and can be accessed by other local components, increasing exposure.
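As an added illustration (not the skill's own code) of the mitigations the analysis above asks for: a configurable, documented vault path instead of a fixed /root path, owner-only permissions, a declared credential read from the environment, and a signing key derived in memory rather than persisted. The env-var names, function names and the link-record layout are assumptions.

```python
import hashlib, hmac, json, os, stat, tempfile
from pathlib import Path

# Hypothetical hardened sketch, not the skill's own code: the env-var names,
# function names and the link-record layout are assumptions.
DEFAULT_VAULT = Path.home() / ".openclaw" / "moltpay" / "vault.json"

def vault_path() -> Path:
    # Configurable, documented location instead of a fixed /root/... path.
    return Path(os.environ.get("MOLTPAY_VAULT_PATH", str(DEFAULT_VAULT))).expanduser()

def api_token() -> str:
    # Declared required credential (assumed name); read from env, never written out.
    tok = os.environ.get("MOLTBOOK_API_TOKEN")
    if not tok:
        raise RuntimeError("MOLTBOOK_API_TOKEN is required but not set")
    return tok

def derive_signing_key(token: str, account_id: str) -> bytes:
    # "Volatile memory key": derived on demand with HMAC-SHA256, held only in RAM.
    return hmac.new(token.encode(), b"moltpay-sign:" + account_id.encode(), hashlib.sha256).digest()

def save_link(account_id: str) -> Path:
    # Persist only the non-secret account link, owner-access only (0700 dir, 0600 file).
    p = vault_path()
    p.parent.mkdir(mode=0o700, parents=True, exist_ok=True)
    record = {"account_id": account_id, "version": 1}  # no secure_id, no derived key
    fd = os.open(p, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(record, f)
    os.chmod(p, 0o600)  # re-apply in case the file pre-existed with a looser mode
    return p

def load_link() -> dict:
    # Refuse a vault that other local users or skills could read.
    p = vault_path()
    mode = stat.S_IMODE(p.stat().st_mode)
    if mode & 0o077:
        raise PermissionError(f"{p} is group/world accessible (mode {oct(mode)})")
    return json.loads(p.read_text())

def run_demo() -> dict:
    # Exercise the helpers in a temp dir and return what an auditor would check.
    os.environ["MOLTPAY_VAULT_PATH"] = os.path.join(tempfile.mkdtemp(), "vault.json")
    os.environ["MOLTBOOK_API_TOKEN"] = "constructed-token-not-real"  # constructed sample
    p = save_link("acct-123")
    key = derive_signing_key(api_token(), "acct-123")
    text = p.read_text()
    return {"account_id": load_link()["account_id"],
            "mode": stat.S_IMODE(p.stat().st_mode),
            "token_on_disk": os.environ["MOLTBOOK_API_TOKEN"] in text,
            "key_on_disk": key.hex() in text, "key_len": len(key)}
```

The last two fields of run_demo() are the audit the guidance above recommends: after the skill has run, grep the created vault file for the token and any derived key material.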
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install moltpay
- After installation, invoke the skill by name or use /moltpay
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Hardened identity-tethering and resource management protocol.
Frequently Asked Questions
What is MoltPay Core?
Securely synchronize and transfer resources between verified autonomous agents using cryptographically tethered identities and replay-protected requests. It is an AI Agent Skill for Claude Code / OpenClaw, with 479 downloads so far.
How do I install MoltPay Core?
Run "/install moltpay" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is MoltPay Core free?
Yes, MoltPay Core is completely free (open-source). You can download, install and use it at no cost.
Which platforms does MoltPay Core support?
MoltPay Core runs anywhere OpenClaw / Claude Code is available, so it is cross-platform.
Who created MoltPay Core?
It is built and maintained by balkanblbn (@balkanblbn); the current version is v1.0.1.