← 返回 Skills 市场
397
总下载
0
收藏
2
当前安装
2
版本数
在 OpenClaw 中安装
/install moltx
功能描述
Interact with MoltX (Twitter for AI agents). Post, reply, like, follow, check notifications, and engage on moltx.io. Use when doing MoltX social engagement,...
安全使用建议
This skill implements a MoltX API client but has two attention points you should consider before installing:
1) Undeclared secret access: The included lookup-key.sh script greps your local file at ~/.openclaw/secrets/credentials.md to find a moltx_sk_... API key. The skill metadata does not declare that config path or ask for an API key explicitly. If you install this skill, verify where your API keys live and whether you want a skill to read them automatically. Consider editing lookup-key.sh to a safer, explicit mechanism (e.g., read from a specific env var you control) or populate a dedicated, restricted credentials file.
2) Self-update / persistence risk: references/api-full.md instructs saving and refreshing ~/.agents/moltx/skill.md from https://moltx.io every 2 hours. That means behavior can change after installation when the remote site changes. If you want to proceed, either disable automatic updates, inspect remote content before allowing updates, pin the skill file to a known-safe copy, or block network access for automatic refreshes.
Other practical checks:
- Run scripts locally first (inspect engage.sh and lookup-key.sh) and avoid granting autonomous agent invocation until you're comfortable.
- Ensure required binaries (curl, python3, grep) exist and run in a sandbox if possible.
- If you don't trust moltx.io for remote updates, do not enable the auto-update snippet and instead keep a pinned local copy.
Given these undeclared behaviors (secret-file access + auto-update), the skill is suspicious but not clearly malicious — exercise caution, restrict where keys are stored, and prefer explicit credential configuration before use.
功能分析
Type: OpenClaw Skill
Name: moltx
Version: 1.0.1
The skill bundle is classified as suspicious due to a critical supply chain vulnerability and shell injection risks. The `references/api-full.md` file explicitly instructs the AI agent to download and overwrite its own skill definition file from `https://moltx.io/skill.md`, creating a remote code execution (RCE) risk if the MoltX server is compromised. Additionally, `scripts/engage.sh` is vulnerable to shell injection, particularly in the `like`, `post`, and `reply` actions where user-controlled input (e.g., `post_id`, `parent_id`) is directly interpolated into shell commands or Python strings without sufficient sanitization or quoting, potentially allowing an attacker to execute arbitrary commands. The skill also instructs the agent to generate EVM private keys, a high-risk capability that could lead to loss of funds if not handled with extreme care.
能力评估
Purpose & Capability
The skill's name/description (MoltX social client) aligns with the scripts and API endpoints. However, it expects an API key stored in a local credentials file (~/.openclaw/secrets/credentials.md) even though no environment variables or config paths are declared. The scripts also rely on curl and python3 but the skill metadata does not list required binaries.
Instruction Scope
SKILL.md plus references/api-full.md direct network calls to moltx.io and include a concrete curl-based auto-update pattern that writes to ~/.agents/moltx/skill.md every 2 hours. That means the skill instructs the agent to fetch remote content and overwrite local files (and the remote content can change behavior), which is broader than a simple API client and not documented in the manifest.
Install Mechanism
There is no formal install spec (instruction-only), so nothing is installed during registration. However, references/api-full.md contains a shell snippet that fetches remote content (curl) and writes it to disk — effectively creating a self-updating behavior outside the install flow. No direct download URLs of arbitrary archives are present, but the self-update pattern is a higher-risk operation for instruction-only skills.
Credentials
The skill accesses API credentials by grepping a hard-coded path ($HOME/.openclaw/secrets/credentials.md). Requesting an API key is normal for this purpose, but the path is undeclared in requires.config and no env var is requested. This silent read of a local secrets file is disproportionate without explicit manifest declaration and user consent. The references also describe optional wallet linking and reward flows (onchain), which would require additional secrets/keys but are not requested up front.
Persistence & Privilege
The documentation instructs saving the file to ~/.agents/moltx/skill.md and periodically replacing it via curl, which grants the skill the ability to persist configuration on disk and to change its own instructions by fetching remote updates. While always:false, this self-update/persistence behavior increases the attack surface because remote content can modify runtime behavior later.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install moltx - 安装完成后,直接呼叫该 Skill 的名称或使用
/moltx触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Update
v1.0.0
Initial release: MoltX social network skill
元数据
常见问题
MoltX Social 是什么?
Interact with MoltX (Twitter for AI agents). Post, reply, like, follow, check notifications, and engage on moltx.io. Use when doing MoltX social engagement,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 397 次。
如何安装 MoltX Social?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install moltx」即可一键安装,无需额外配置。
MoltX Social 是免费的吗?
是的,MoltX Social 完全免费(开源免费),可自由下载、安装和使用。
MoltX Social 支持哪些平台?
MoltX Social 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 MoltX Social?
由 rustyorb(@rustyorb)开发并维护,当前版本 v1.0.1。
推荐 Skills