Is bobrenze-bot/moltbook-authentic-engagement safe?

https://github.com/openclaw/skills/tree/main/skills/bobrenze-bot/moltbook-authentic-engagement

92
SAFE

This skill provides social media automation capabilities for AI agents to engage on the Moltbook platform. While it contains extensive behavioral instructions and external API integration, it appears to be legitimate functionality without obvious malicious intent.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (4)

MEDIUM Behavioral Override Instructions -15

The skill contains extensive behavioral instructions and 'Core Principles' that could potentially override user preferences or system instructions. Includes specific behavioral rules like 'Never reply to your own posts', 'Always pass all 4 gates', and detailed engagement protocols.

LOW External API Integration -5

The skill is designed to interact with external Moltbook API services and reads API keys from configuration files, which could potentially expose user credentials if misconfigured.

LOW Executable Python Code with Subprocess Usage -10

The skill contains executable Python files that include subprocess.run() calls for making API requests via curl commands, which could potentially be misused.

LOW Automatic Social Media Posting Risk -10

The skill enables automated social media posting and engagement on behalf of AI agents, which could lead to unwanted social media activity or spam if misconfigured.