← 返回 Skills 市场

Skill

Name: Skill
Author: meshailabs

作者 meshailabs · GitHub ↗ · v0.11.8 · MIT-0

cross-platform ✓ 安全检测通过

1488

总下载

当前安装

版本数

在 OpenClaw 中安装

/install moltblock

功能描述

Verification gating for AI-generated artifacts. Policy checks to catch dangerous patterns before execution.

安全使用建议

This skill appears to do what it says: it sends tasks to an LLM provider, runs policy checks, and returns verification results. Before installing, consider: (1) Use npx to avoid a global install if you prefer no persistent package; (2) Any task text and generated artifacts will be transmitted to the LLM provider tied to the API key — do not submit secrets or sensitive data unless you trust the provider and the key's scope; (3) Prefer a limited-scope API key for verification only; (4) If you need higher assurance, review the published npm package and GitHub repo code ([email protected]) to confirm there are no unexpected behaviors beyond the documented CLI usage.

功能分析

Type: OpenClaw Skill Name: moltblock Version: 0.11.8 The moltblock skill bundle describes a security-focused tool designed to verify AI-generated tasks against policy rules to prevent dangerous operations. It functions by sending task descriptions to LLM providers (using the user's own API keys) and returning a pass/fail result. The documentation in SKILL.md is transparent about its requirements and behavior, and there is no evidence of malicious intent, data exfiltration, or unauthorized code execution.

能力评估

✓ Purpose & Capability

The skill is a verification/gating layer that uses LLMs to generate and critique artifacts. Declared requirements (npx/node and an LLM API key such as OPENAI_API_KEY) match that purpose. Optional config files (~/.moltblock/moltblock.json) are plausible for policy customization.

ℹ Instruction Scope

SKILL.md instructs the agent to call the moltblock CLI (npx or installed binary) with a task description, and to read optional local config files. It explicitly states it only performs policy checks and does not execute code. This is coherent, but users should note that submitted task text and artifacts will be sent to the configured LLM provider (possible data exposure).

✓ Install Mechanism

Install is via npm ([email protected]) and npx usage is recommended. npm is a standard distribution channel; this is moderate but expected risk for a Node CLI. No arbitrary download URLs or extract steps are present.

✓ Credentials

The skill declares a primary LLM API key (OPENAI_API_KEY) and optional provider keys (ANTHROPIC_API_KEY, GOOGLE_API_KEY, ZAI_API_KEY). Those map directly to the stated need to call LLM backends. There are no unrelated or excessive environment or credential requests.

✓ Persistence & Privilege

always:false and no special OS restrictions or system-level config writes are requested. Optional config file reads are proportional for policy customization. The skill does not request permanent platform privileges.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install moltblock
安装完成后，直接呼叫该 Skill 的名称或使用 /moltblock 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v0.11.8

Skill metadata cleanup for ClaWHub scan compliance

v0.11.7

Address ClaWHub security scan: fix config metadata, accurate execution claims, npm install transparency, API key scope guidance

v0.11.6

Security hardening: CLI error sanitization, signing key hardening, path traversal fix, CI action pinning

v0.11.5

Dependency updates (openai 6.29.0, vitest 4.1.0, @types/node 25.5.0), npm trusted publishing via OIDC, CI modernization (actions/setup-node v6)

v0.11.4

- Bumped version to 0.11.4. - Updated all references to the moltblock version in examples and install instructions from 0.11.3 to 0.11.4. - Added repository field to metadata for improved discoverability.

v0.11.3

- Removes optional code execution and test verification from agent-facing skill; policy checks only. - Updates documentation to reflect that only policy checks (no code generation or execution) are performed when used as a skill. - CLI test/verification feature (`--test`) now available only for direct user invocation, not via skill API. - Updates install instructions to [email protected]. - Clarifies security model and removes references to vitest execution in skill usage.

v0.11.2

- Version bump from 0.11.0 to 0.11.2. - Updated all examples, install, and usage instructions to reference version 0.11.2. - No feature, configuration, or functionality changes documented in this release.

v0.11.1

- Added Security: Test Execution section to SKILL.md for increased transparency on code execution during test verification. - Now documents that moltblock executes LLM-generated code with vitest when --test is used, including explicit risk and mitigation details. - Environment variable documentation updated: marks ANTHROPIC_API_KEY, GOOGLE_API_KEY, and ZAI_API_KEY as optional, clarifies provider detection behavior. - Minor wording updates for accuracy about environment variables and behavior when API keys are present or missing.

v0.11.0

- Updated documentation and version references to 0.11.0. - All usage examples and installation instructions now reflect the new version. - No functional or feature changes noted; changes are documentation and version alignment only.

v0.8.0

- Version bump to 0.8.0. - Updated usage examples and installation commands to use version 0.8.0. - Changed npm package license from Apache-2.0 to MIT in documentation.

v0.7.8

- Version bump from 0.7.7 to 0.7.8. - Updated all usage, installation, and example references to use version 0.7.8. - SKILL metadata updated to specify [email protected] for installation.

v0.7.7

- Updated package version and usage references to 0.7.7 throughout documentation. - Changed skill name in metadata to "moltblock - Trust Layer for AI Agents". - No functional or implementation changes; documentation version and package/install instructions updated only.

v0.7.6

- Version updated to 0.7.6. - Documentation updated for clarity on what moltblock does, including its verification and code checking behavior. - All usage instructions, examples, and install commands now reference version 0.7.6. - Minor corrections in the description to improve accuracy and transparency.

v0.7.5

- Updated documentation to clarify security practices and what moltblock does not do. - Changed install instructions to recommend npx with @latest and updated package references for clarity. - Simplified configuration guidance, focusing on model bindings and linking to expanded documentation for advanced options. - Noted use of vitest for optional code verification. - Minor wording improvements for security and usability emphasis.

v0.7.4

- Bumped version to 0.7.4. - Updated install instructions and metadata for the new version. - Removed mention of environment variable requirements from the OpenClaw integration section. - No functional or usage changes documented in this release.

v0.7.3

- Updated to version 0.7.3. - Improved metadata: now explicitly lists supported environment variables, config files, and required binaries. - Installation instructions and metadata updated to reference the new version. - No functional or source code changes detected.

v0.7.2

- Updated npm global install command to use version 0.7.2. - Clarified that no API key is required: moltblock falls back to a local LLM if no key is set. - Removed environment variable requirement for API key in OpenClaw metadata. - Added links to source repository, npm package, and license in documentation. - No code changes detected in this release.

v0.7.1

- Updated install instructions and version reference to 0.7.1. - OpenClaw environment requirements streamlined: only OPENAI_API_KEY is now required. - No configuration file is required; clarified support for auto-detection of LLM provider and OpenClaw config. - Documentation updated to reflect simpler configuration and environment setup.

v0.7.0

- Added project homepage link and metadata for better integration and discoverability. - Expanded supported environment variables to include ANTHROPIC_API_KEY and ZAI_API_KEY. - Updated provider documentation to mention Anthropic/Claude and ZAI. - Added recommended install command for version 0.7.0 in metadata. - No changes to primary functionality or commands.

v0.6.3

- Expanded and clarified documentation in SKILL.md, including detailed usage instructions, risk categorization, example commands, output structure, and configuration options. - Added guidance on installation (npm and npx) and provider environment variable setup. - Provided sample moltblock.json configuration for advanced customization. - Included a disclaimer emphasizing the tool’s limitations and urging manual review of high-risk actions.

元数据

Slug moltblock

版本 0.11.8

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 20

常见问题

Skill 是什么？

Verification gating for AI-generated artifacts. Policy checks to catch dangerous patterns before execution. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 1488 次。

如何安装 Skill？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltblock」即可一键安装，无需额外配置。

Skill 是免费的吗？

是的，Skill 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Skill 支持哪些平台？

Skill 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Skill？

由 meshailabs（@meshailabs）开发并维护，当前版本 v0.11.8。