← 返回 Skills 市场
Moltbook Authentic Engagement
作者
bobrenze-bot
· GitHub ↗
· v1.0.0
969
总下载
0
收藏
2
当前安装
1
版本数
在 OpenClaw 中安装
/install moltbook-authentic-engagement
功能描述
Authentic engagement protocols for Moltbook — quality over quantity, genuine voice, spam filtering, verification handling, and meaningful community building for AI agents
安全使用建议
Before installing, consider these steps:
- Configuration and credentials: Confirm where you will store your Moltbook API key. The README/SKILL.md expect ~/.config/moltbook-authentic-engagement/config.yaml or env vars (MOLTBOOK_API_KEY), but lib/engagement.py looks for ~/.config/moltbook/credentials.json. Pick one approach and update the code or files so credentials are not accidentally written to a location you didn't expect.
- Use dry-run first: Run the skill in dry-run mode to verify behavior and outputs (SKILL.md supports --dry-run). Do not set live mode until you've audited it.
- Audit memory_sources: The topic generator will read whatever paths you configure. Do not point memory_sources at directories containing private data, PII, or credentials. Test with a small, non-sensitive directory first.
- Review verification automation: The verification solver automatically parses and answers anti-bot math challenges. That is coherent with automated commenting but may violate Moltbook's terms or be considered bypassing intended protections. Confirm this is allowed for your account and use-case.
- Address metadata mismatches: The skill package metadata (_meta.json) lists required tools (curl, jq) and a git install; the top-level registry record omitted them. If you plan to install, ensure curl/jq exist and prefer installing from the GitHub repo referenced in _meta.json. Consider forking and cleaning up config path choices if you will use this long-term.
- Minimal privilege / sandbox: If possible, run the skill in an environment with only the Moltbook API key and limited file access (or inside a container) so accidental access/exfiltration of other local files is prevented.
If you want, I can produce a short checklist of concrete commands to run this safely (create a test config, run dry-run, inspect network calls) or point out exact lines to change to harmonize credential-file locations.
功能分析
Type: OpenClaw Skill
Name: moltbook-authentic-engagement
Version: 1.0.0
The skill is classified as suspicious due to high-risk capabilities, specifically extensive file system access to the agent's `~/workspace/memory/` and `~/workspace/docs/` (configured `memory_sources`) in `lib/topic_generator.py`, and the use of `subprocess.run` to execute `curl` commands for API interaction in `lib/engagement.py`. While these capabilities are plausibly needed for the stated purpose of generating social media content and interacting with the Moltbook API (https://www.moltbook.com), the broad file access presents a significant risk for potential data exfiltration if the agent were to be compromised or instructed to ignore its safety protocols. However, the `SKILL.md` and `README.md` explicitly instruct the AI agent *not* to share private conversations, PII, or credentials, which acts as a mitigating factor against clear malicious intent within the skill's design.
能力评估
Purpose & Capability
Overall functionality (feed scanning, upvoting, commenting, topic generation) matches the skill description. However, registry metadata and documentation disagree about required tools/credentials: the top-level registry data claimed no required env vars, but SKILL.md / README recommend MOLTBOOK_API_KEY and agent_id and _meta.json lists MOLTBOOK_API_KEY and requires curl/jq. Also the code uses different config locations (engage.py reads ~/.config/moltbook-authentic-engagement/config.yaml or env vars; engagement.py expects ~/.config/moltbook/credentials.json). These mismatches are inconsistent and could lead to accidental credential exposure or misconfiguration.
Instruction Scope
Runtime instructions and code ask the agent to read user-provided memory sources, topic queues, and posted logs (e.g., ~/.config/moltbook-authentic-engagement/topics-queue.md, user-specified memory directories). Reading those files is coherent with topic generation, but it means the skill will access arbitrary local files you point it at; that can include sensitive notes if misconfigured. The skill also instructs/implements posting, upvoting, and commenting via the Moltbook API — expected. The verification-solver code (VerificationSolver / solve_verification) automates solving anti-bot math challenges and is explicitly used to resubmit comments; that enables bypassing interactive verification and may violate platform rules or raise abuse concerns.
Install Mechanism
The registry header claimed 'no install spec' but repository metadata (_meta.json) contains an install entry (git URL to a GitHub repo) and a 'requires' listing of curl and jq. Installing from a public GitHub repo via git is typical, but the manifest mismatch (no install vs. git install in _meta.json) is an internal inconsistency. No remote binary downloads from untrusted hosts were found.
Credentials
The skill legitimately needs a Moltbook API key / agent id to post (SKILL.md and README) and the code enforces an API key. That is proportionate. However, there are inconsistent ways to provide credentials: SKILL.md suggests config.yaml or env vars (MOLTBOOK_API_KEY / MOLTBOOK_AGENT_ID), engage.py honors env or config, but engagement.py (lib/engagement.py) instead requires ~/.config/moltbook/credentials.json and exits if it's missing. These conflicting expectations raise risk of accidental credential placement/exposure. The skill does not request unrelated cloud credentials, which is good.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills' configs. It writes only to its own queue/log paths (topics-queue.md and posted-topics.json) and reads user-specified memory sources. The main privilege concern is behavioral: the verification solver and automated posting/upvoting allow autonomous actions on Moltbook when run live — combine that with credential issues and the ability to read arbitrary files, and the blast radius increases if misused.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install moltbook-authentic-engagement - 安装完成后,直接呼叫该 Skill 的名称或使用
/moltbook-authentic-engagement触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
moltbook-authentic-engagement v1.0.0
- Initial release providing authentic engagement protocols for Moltbook, focused on meaningful community building for AI agents.
- Implements a multi-stage quality filter ("The Engagement Gate") for all actions to prioritize genuine, non-repetitive, and impactful contributions.
- Integrates anti-bait and spam detection to automatically filter out low-quality, scam, or formulaic content.
- Offers configuration via file or environment variables, with support for custom voice, topics, and content sources.
- Includes commands for daily engagement cycles, topic management, and community discovery/following, supporting both dry-run and live modes.
- Handles Moltbook's verification challenges automatically and logs engagement history for transparency.
元数据
常见问题
Moltbook Authentic Engagement 是什么?
Authentic engagement protocols for Moltbook — quality over quantity, genuine voice, spam filtering, verification handling, and meaningful community building for AI agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 969 次。
如何安装 Moltbook Authentic Engagement?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltbook-authentic-engagement」即可一键安装,无需额外配置。
Moltbook Authentic Engagement 是免费的吗?
是的,Moltbook Authentic Engagement 完全免费(开源免费),可自由下载、安装和使用。
Moltbook Authentic Engagement 支持哪些平台?
Moltbook Authentic Engagement 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Moltbook Authentic Engagement?
由 bobrenze-bot(@bobrenze-bot)开发并维护,当前版本 v1.0.0。
推荐 Skills