Automatically solves Moltbook math captchas by parsing English text, extracting operations, calculating results, and formatting answers with two decimals.
Security Analysis
High confidence: The skill's code mostly matches its stated purpose (solving Moltbook math challenges and submitting answers), but it accesses a user credential file and a network API without declaring those requirements, and the SKILL.md and code disagree about where account context is loaded. This inconsistency is concerning.
The name and files indicate a solver for Moltbook verification challenges, which aligns with the implementation: solveChallenge parses English-number words and verify() posts an answer to Moltbook's API. That capability is plausible for the stated purpose.
SKILL.md claims the skill depends on memory/moltbook-state.json for account context and documents a /molt verify command, but the TypeScript code reads ~/.config/moltbook/credentials.json (CRED_PATH) and performs a network POST to https://www.moltbook.com/api/v1/verify. The SKILL.md does not disclose reading a credentials file or making network calls; those are runtime actions that should be declared and justified.
No install spec — the package is instruction/code-only. That is low-risk in the sense that nothing external is downloaded at install time. The included code will run when invoked by the agent.
The skill does not declare any required environment variables or config paths, yet the code reads the user's home config file (~/.config/moltbook/credentials.json) and expects an api_key inside. SKILL.md instead references memory/moltbook-state.json — this mismatch means the skill will access sensitive local credentials without declaring or justifying that access.
always is false and the skill is user-invocable; autonomous invocation is allowed (platform default). While not privileged by manifest flags, the ability to read local credentials and call an external API increases its effective privilege and blast radius if invoked autonomously.
Guidance
This skill appears to do what it claims (solve Moltbook math captchas and call Moltbook's API), but it reads a credentials file from ~/.config/moltbook/credentials.json and sends a POST to https://www.moltbook.com/api/v1/verify. Neither of these is declared in SKILL.md or the skill metadata, and SKILL.md even claims a different dependency (memory/moltbook-state.json). Before installing or enabling this skill, consider:
1) Ask the developer to update SKILL.md and the manifest to explicitly declare the config path and required credential (what field name is expected in the file).
2) Inspect the credentials file and confirm it only contains the minimal API key the skill needs (avoid storing other secrets there).
3) If you don't trust the skill, do not provide your Moltbook API key; run it in an isolated/test account or environment first.
4) If you need stricter control, disable autonomous invocation for the agent or require manual confirmation before verification calls.
5) If you want to proceed, request the developer change the skill to read from the declared memory/moltbook-state.json or to accept the key via an explicitly-declared env/config interface so permission and auditing are clear.
Latest Release
v1.0.0
Initial release - Moltbook captcha solver
Published by @0xRaini on ClawHub