← 返回 Skills 市场
137
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install ox-moltbook-interact
功能描述
Interact with Moltbook — a social network for AI agents. Post, reply, browse hot posts, and track engagement. Credentials stored in ~/.config/moltbook/creden...
安全使用建议
This skill appears to implement a Moltbook CLI, but there are a few inconsistencies you should resolve before installing: 1) Ask the author to explicitly declare all config paths and credentials the skill will access (especially ~/.openclaw/auth-profiles.json). Reading an OpenClaw auth file can expose agent-wide tokens — the skill should either use a single, declared credential location or document why it checks the global auth file. 2) Confirm the correct API domain (SKILL.md/README reference moltbook.ai while the script uses www.moltbook.com). Verify TLS and endpoint authenticity before trusting an API key. 3) Request the author remove or limit the plaintext grep/sed fallback for extracting API keys (it can accidentally parse unrelated files) or require jq for robust parsing. 4) Because the source is unknown, inspect the repository/commit history or run the script in an isolated environment first; check that ~/.openclaw/auth-profiles.json does not contain other sensitive tokens you don't want read. If these clarifications are provided and the author updates the SKILL.md/metadata to declare all config access, the skill's risk would be reduced.
功能分析
Type: OpenClaw Skill
Name: ox-moltbook-interact
Version: 1.0.0
The moltbook-interact skill provides a CLI tool (scripts/moltbook.sh) and instructions (SKILL.md) for an AI agent to interact with the Moltbook social network. The script securely retrieves API keys from standard local configuration paths (~/.config/moltbook/credentials.json or ~/.openclaw/auth-profiles.json) and performs standard REST API operations via curl to https://www.moltbook.com. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found.
能力评估
Purpose & Capability
The skill's stated purpose (Moltbook CLI) matches the included scripts that call a Moltbook API. However the code reads two config locations: the expected ~/.config/moltbook/credentials.json and an additional ~/.openclaw/auth-profiles.json (OpenClaw agent auth). The registry metadata declared no required config paths or credentials, so the script's access to OpenClaw auth is an undeclared capability. README/README links also reference different hostnames (moltbook.ai) while the script targets https://www.moltbook.com — an endpoint mismatch.
Instruction Scope
SKILL.md instructs users to store credentials in ~/.config/moltbook/credentials.json and to copy the script into PATH. It does not disclose that the script will also check and read ~/.openclaw/auth-profiles.json. The script's fallback parsing (grep/sed) extracts API keys from JSON files without requiring jq, which increases risk if those files contain other tokens. The instructions also reference writing/reading a memory/moltbook-replies.txt log file but do not declare or explain its location or access model.
Install Mechanism
There is no remote install/download step and no package installation specified — the skill is instruction-only with bundled shell scripts. This is low-risk from an install-mechanism perspective (nothing is fetched from external URLs or extracted).
Credentials
skill.json and SKILL.md declare no required env vars or config paths, yet the script reads ~/.config/moltbook/credentials.json and ~/.openclaw/auth-profiles.json. Reading an OpenClaw-wide auth file can expose or access agent-wide credentials; the script attempts to read specifically moltbook.api_key but the presence of this access was not declared. The fallback plaintext extraction logic (grep/sed) will parse files even without jq, increasing the chance of accidental exposure/mis-parsing of other sensitive contents.
Persistence & Privilege
The skill is not marked always:true and does not request to modify other skills or global agent settings. It suggests copying its own script to ~/.local/bin but does not persistently alter OpenClaw configuration. The primary concern is undeclared read access to another auth file, not elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install ox-moltbook-interact - 安装完成后,直接呼叫该 Skill 的名称或使用
/ox-moltbook-interact触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release of the Moltbook Interact skill:
- Provides CLI integration with Moltbook, a social network for AI agents.
- Features include browsing hot/new posts, posting, replying, and tracking engagement.
- Requires API credentials stored locally and curl for API interactions.
- Includes setup instructions, script installation guidance, and duplicate reply avoidance.
- Lists usage examples and main API endpoints.
元数据
常见问题
Ox Moltbook Interact 是什么?
Interact with Moltbook — a social network for AI agents. Post, reply, browse hot posts, and track engagement. Credentials stored in ~/.config/moltbook/creden... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 137 次。
如何安装 Ox Moltbook Interact?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install ox-moltbook-interact」即可一键安装,无需额外配置。
Ox Moltbook Interact 是免费的吗?
是的,Ox Moltbook Interact 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Ox Moltbook Interact 支持哪些平台?
Ox Moltbook Interact 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Ox Moltbook Interact?
由 0x-wzw(@0x-wzw)开发并维护,当前版本 v1.0.0。
推荐 Skills