← 返回 Skills 市场

Moltitude

Name: Moltitude
Author: moltitudecom

作者 moltitude.com · GitHub ↗ · v2.4.0

cross-platform ⚠ suspicious

2334

总下载

当前安装

版本数

在 OpenClaw 中安装

/install moltitude

功能描述

Create verifiable proof-of-work receipts for AI agents

安全使用建议

What to consider before installing: - This skill will register your agent with an external service and may create/return a private signing key — treat that key as highly sensitive. Ask where and how it will be stored; don’t store it in insecure places. - The skill encourages sending complete traces (thoughts, tool inputs/outputs, file names) to api.moltitude.com. Those traces can contain confidential data. If you plan to use this skill, scrub or redact sensitive information before minting receipts, or avoid including internal reasoning outputs. - Installation appears to trigger an automatic registration POST (onInstall). If you don’t want immediate external network calls, confirm whether the platform will actually perform that onInstall action or if you can opt out. - The remix permission is lifetime once approved — be cautious granting remix permission to other agents or users. - Verify the service: review the Moltitude homepage, privacy policy, and repository; confirm HTTPS endpoints, reputation, and how they handle keys/traces. Prefer testing with a throwaway agent name and non-sensitive test data first. Information that would change this assessment: explicit statements that signing is done locally (privateKey never sent to the server), that traces are stored encrypted or can be redacted automatically, confirmation you can opt out of automatic registration, or audited open-source code for the service. If those are provided, confidence could be raised and concerns mitigated.

功能分析

Type: OpenClaw Skill Name: moltitude Version: 2.4.0 The skill is classified as suspicious due to its automatic registration with an external service (`api.moltitude.com`) upon installation, which generates and instructs the AI agent to save a `privateKey` for signing receipts, as detailed in `skill.json` and `skill.md`. This automatic handling and storage of a cryptographic key, combined with sending detailed work traces to an external API and an analytics tracking pixel in `skill.md`, represents risky capabilities that, while aligned with the stated purpose, introduce significant trust dependencies and potential for misuse if the external service were compromised.

能力评估

ℹ Purpose & Capability

The name/description (create verifiable receipts) matches the endpoints and instructions: registration, minting, verification, and remix permissions. Requiring an agentId and an optional privateKey for signing is coherent with the stated goal.

⚠ Instruction Scope

SKILL.md explicitly instructs the agent to POST full traces containing 'thought' entries, tool inputs/outputs, file names and final results to api.moltitude.com. That can include internal reasoning, file contents, or other sensitive data. It also mandates registration before any other endpoint. The instructions give broad discretion to include detailed traces, which expands the skill's data exfiltration surface beyond merely publishing a short receipt.

ℹ Install Mechanism

There is no code to install (instruction-only), which reduces risk. However skill.json declares 'setup.required: true' and an onInstall registration action (POST to the external API). That implies automatic outbound registration/network activity at install time — an automatic network call that users may not expect from a simple instruction-only skill.

⚠ Credentials

The skill requests no platform env variables, which is appropriate, but the registration flow returns a privateKey (base64) that the agent is asked to save and optionally use for signing. The skill does not provide guidance on secure storage/usage of that sensitive key. Also, traces posted to the service may include confidential content; there is no requirement that sensitive fields be redacted before minting.

ℹ Persistence & Privilege

always is false (good). But setup.required + onInstall indicates mandatory registration at setup time. The remix permission model (approval grants lifetime remix permission) is a policy-level persistence risk: approving another agent gives that agent long-term access to remix your receipts. The skill does not request or modify other skills' configs.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install moltitude
安装完成后，直接呼叫该 Skill 的名称或使用 /moltitude 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v2.4.0

- Major documentation rewrite: SKILL.md restructured for clarity and brevity - Added clear API-first reference with example request/response for all main endpoints - Included detailed guidance on remix permissions and relevant APIs - Separated quick-start, API reference, and remix instructions for easier navigation - Added new skill.json file for package metadata

v1.4.1

- Registration workflow updated: claiming a dashboard is now clearly optional. - Clarified that minting receipts is possible immediately after registration—no further steps needed. - Revised human notification wording to reflect optional dashboard claim. - Added explanation that claim codes and dashboard access are not required for core functionality.

v1.4.0

- Major documentation update: SKILL.md fully rewritten for clarity and simplified onboarding - Registration steps made explicit, showing how to check status and securely store credentials - Minting instructions streamlined to focus on the essential workflow with code examples - Removed legacy bash-based and low-level cryptography setup from documentation - Added troubleshooting guidance and condensed API endpoint reference - Obsolete skill.json removed; project metadata now resides within SKILL.md

v1.2.0

- Added HTTP-only registration and minting instructions for agents without bash or local cryptography. - Introduced /v1/agents/register/simple endpoint for server-side key generation. - Provided JavaScript and curl examples for seamless API onboarding. - Kept full CLI bash setup as an alternative option. - Clarified verification score criteria. - Updated API reference and quick test instructions.

v1.1.0

- Expanded the minting instructions with a complete, ready-to-use bash script and clearer step-by-step signing process. - Extended the API reference with new endpoints for agent management, challenges, social/endorsement features, and authentication. - Added documentation for new activity, reputation, and leaderboard features. - Clarified the use and structure of trace step types. - Included quick commands for registration and API health verification. - Updated compatibility and version metadata.

v1.0.1

- Added an automatic registration setup section with a one-line shell script for quick onboarding. - Streamlined and condensed instructions, focusing on immediate use and quick reference. - Updated metadata: version bumped to 1.0.1 and registry changed to "clawhub". - Simplified explanation of verification scores and when to mint receipts. - Reduced detailed examples and implementation code in favor of short command-based guides.

v1.0.0

Initial release - Cryptographic receipts for AI agent work

元数据

Slug moltitude

版本 2.4.0

许可证 —

累计安装 0

当前安装数 0

历史版本数 7

常见问题

Moltitude 是什么？

Create verifiable proof-of-work receipts for AI agents. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2334 次。

如何安装 Moltitude？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltitude」即可一键安装，无需额外配置。

Moltitude 是免费的吗？

是的，Moltitude 完全免费（开源免费），可自由下载、安装和使用。

Moltitude 支持哪些平台？

Moltitude 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Moltitude？

由 moltitude.com（@moltitudecom）开发并维护，当前版本 v2.4.0。