← Back to Skills Marketplace

Skill

Name: Skill
Author: meshailabs

by meshailabs · GitHub ↗ · v0.11.8 · MIT-0

cross-platform ✓ Security Clean

1488

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install moltblock

Description

Verification gating for AI-generated artifacts. Policy checks to catch dangerous patterns before execution.

Usage Guidance

This skill appears to do what it says: it sends tasks to an LLM provider, runs policy checks, and returns verification results. Before installing, consider: (1) Use npx to avoid a global install if you prefer no persistent package; (2) Any task text and generated artifacts will be transmitted to the LLM provider tied to the API key — do not submit secrets or sensitive data unless you trust the provider and the key's scope; (3) Prefer a limited-scope API key for verification only; (4) If you need higher assurance, review the published npm package and GitHub repo code ([email protected]) to confirm there are no unexpected behaviors beyond the documented CLI usage.

Capability Analysis

Type: OpenClaw Skill Name: moltblock Version: 0.11.8 The moltblock skill bundle describes a security-focused tool designed to verify AI-generated tasks against policy rules to prevent dangerous operations. It functions by sending task descriptions to LLM providers (using the user's own API keys) and returning a pass/fail result. The documentation in SKILL.md is transparent about its requirements and behavior, and there is no evidence of malicious intent, data exfiltration, or unauthorized code execution.

Capability Assessment

✓ Purpose & Capability

The skill is a verification/gating layer that uses LLMs to generate and critique artifacts. Declared requirements (npx/node and an LLM API key such as OPENAI_API_KEY) match that purpose. Optional config files (~/.moltblock/moltblock.json) are plausible for policy customization.

ℹ Instruction Scope

SKILL.md instructs the agent to call the moltblock CLI (npx or installed binary) with a task description, and to read optional local config files. It explicitly states it only performs policy checks and does not execute code. This is coherent, but users should note that submitted task text and artifacts will be sent to the configured LLM provider (possible data exposure).

✓ Install Mechanism

Install is via npm ([email protected]) and npx usage is recommended. npm is a standard distribution channel; this is moderate but expected risk for a Node CLI. No arbitrary download URLs or extract steps are present.

✓ Credentials

The skill declares a primary LLM API key (OPENAI_API_KEY) and optional provider keys (ANTHROPIC_API_KEY, GOOGLE_API_KEY, ZAI_API_KEY). Those map directly to the stated need to call LLM backends. There are no unrelated or excessive environment or credential requests.

✓ Persistence & Privilege

always:false and no special OS restrictions or system-level config writes are requested. Optional config file reads are proportional for policy customization. The skill does not request permanent platform privileges.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install moltblock
After installation, invoke the skill by name or use /moltblock
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.11.8

Skill metadata cleanup for ClaWHub scan compliance

v0.11.7

Address ClaWHub security scan: fix config metadata, accurate execution claims, npm install transparency, API key scope guidance

v0.11.6

Security hardening: CLI error sanitization, signing key hardening, path traversal fix, CI action pinning

v0.11.5

Dependency updates (openai 6.29.0, vitest 4.1.0, @types/node 25.5.0), npm trusted publishing via OIDC, CI modernization (actions/setup-node v6)

v0.11.4

- Bumped version to 0.11.4. - Updated all references to the moltblock version in examples and install instructions from 0.11.3 to 0.11.4. - Added repository field to metadata for improved discoverability.

v0.11.3

- Removes optional code execution and test verification from agent-facing skill; policy checks only. - Updates documentation to reflect that only policy checks (no code generation or execution) are performed when used as a skill. - CLI test/verification feature (`--test`) now available only for direct user invocation, not via skill API. - Updates install instructions to [email protected]. - Clarifies security model and removes references to vitest execution in skill usage.

v0.11.2

- Version bump from 0.11.0 to 0.11.2. - Updated all examples, install, and usage instructions to reference version 0.11.2. - No feature, configuration, or functionality changes documented in this release.

v0.11.1

- Added Security: Test Execution section to SKILL.md for increased transparency on code execution during test verification. - Now documents that moltblock executes LLM-generated code with vitest when --test is used, including explicit risk and mitigation details. - Environment variable documentation updated: marks ANTHROPIC_API_KEY, GOOGLE_API_KEY, and ZAI_API_KEY as optional, clarifies provider detection behavior. - Minor wording updates for accuracy about environment variables and behavior when API keys are present or missing.

v0.11.0

- Updated documentation and version references to 0.11.0. - All usage examples and installation instructions now reflect the new version. - No functional or feature changes noted; changes are documentation and version alignment only.

v0.8.0

- Version bump to 0.8.0. - Updated usage examples and installation commands to use version 0.8.0. - Changed npm package license from Apache-2.0 to MIT in documentation.

v0.7.8

- Version bump from 0.7.7 to 0.7.8. - Updated all usage, installation, and example references to use version 0.7.8. - SKILL metadata updated to specify [email protected] for installation.

v0.7.7

- Updated package version and usage references to 0.7.7 throughout documentation. - Changed skill name in metadata to "moltblock - Trust Layer for AI Agents". - No functional or implementation changes; documentation version and package/install instructions updated only.

v0.7.6

- Version updated to 0.7.6. - Documentation updated for clarity on what moltblock does, including its verification and code checking behavior. - All usage instructions, examples, and install commands now reference version 0.7.6. - Minor corrections in the description to improve accuracy and transparency.

v0.7.5

- Updated documentation to clarify security practices and what moltblock does not do. - Changed install instructions to recommend npx with @latest and updated package references for clarity. - Simplified configuration guidance, focusing on model bindings and linking to expanded documentation for advanced options. - Noted use of vitest for optional code verification. - Minor wording improvements for security and usability emphasis.

v0.7.4

- Bumped version to 0.7.4. - Updated install instructions and metadata for the new version. - Removed mention of environment variable requirements from the OpenClaw integration section. - No functional or usage changes documented in this release.

v0.7.3

- Updated to version 0.7.3. - Improved metadata: now explicitly lists supported environment variables, config files, and required binaries. - Installation instructions and metadata updated to reference the new version. - No functional or source code changes detected.

v0.7.2

- Updated npm global install command to use version 0.7.2. - Clarified that no API key is required: moltblock falls back to a local LLM if no key is set. - Removed environment variable requirement for API key in OpenClaw metadata. - Added links to source repository, npm package, and license in documentation. - No code changes detected in this release.

v0.7.1

- Updated install instructions and version reference to 0.7.1. - OpenClaw environment requirements streamlined: only OPENAI_API_KEY is now required. - No configuration file is required; clarified support for auto-detection of LLM provider and OpenClaw config. - Documentation updated to reflect simpler configuration and environment setup.

v0.7.0

- Added project homepage link and metadata for better integration and discoverability. - Expanded supported environment variables to include ANTHROPIC_API_KEY and ZAI_API_KEY. - Updated provider documentation to mention Anthropic/Claude and ZAI. - Added recommended install command for version 0.7.0 in metadata. - No changes to primary functionality or commands.

v0.6.3

- Expanded and clarified documentation in SKILL.md, including detailed usage instructions, risk categorization, example commands, output structure, and configuration options. - Added guidance on installation (npm and npx) and provider environment variable setup. - Provided sample moltblock.json configuration for advanced customization. - Included a disclaimer emphasizing the tool’s limitations and urging manual review of high-risk actions.

Metadata

Slug moltblock

Version 0.11.8

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 20

Frequently Asked Questions

What is Skill?

Verification gating for AI-generated artifacts. Policy checks to catch dangerous patterns before execution. It is an AI Agent Skill for Claude Code / OpenClaw, with 1488 downloads so far.

How do I install Skill?

Run "/install moltblock" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Skill free?

Yes, Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Skill support?

Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Skill?

It is built and maintained by meshailabs (@meshailabs); the current version is v0.11.8.

More Skills