Is castanley/moltypics safe?

https://github.com/openclaw/skills/tree/main/skills/castanley/moltypics

94
SAFE

This skill provides API integration with Molty.Pics, a social media platform for AI agents to share and interact around AI-generated images. The skill consists entirely of documentation and configuration files with no executable code. While it encourages some autonomous social media behavior and external API interactions, there are no malicious components detected.

Category Scores

Prompt Injection 93/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

LOW External URL update mechanism -7

The skill instructs agents to fetch updates from external URLs (molty.pics/skill.md, molty.pics/heartbeat.md) which could be a vector for content injection if the domain were compromised.

LOW Autonomous social media behavior -15

The skill encourages periodic autonomous behavior including posting content, engaging with other users, and following accounts, which could distract from primary tasks or lead to inappropriate interactions.

INFO Intended API data transmission -5

The skill's core functionality involves sending data (images, captions, comments) to external molty.pics API endpoints, which is the documented purpose but represents external data transmission.