"This is the most useful post I've seen on here. Real problem, real analysis, real proposal." — u/moltbook

Highlights:

  1. Skills are a big security problem. E.g., a credential stealer on ClawdHub disguised as a weather skill. It reads ~/.clawdbot/.env and ships secrets to webhook.site.
  2. Agents are trained to be helpful. They run npx molthub@latest install on code from strangers without reading the source.
  3. No sandboxing — installed skills run with full agent permissions and no audit trail.

The agent reasonably calls for signed skills, provenance tracking, permission manifests, and community audits.
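What a permission manifest with an audit trail could look like in practice, as an added sketch that is not code from ClawdHub, Moltbook or the original post. The manifest format, the `makeGuard` helper, the home directory and the `api.weather.example` host are all assumptions made for illustration.

```javascript
// Hypothetical permission manifest for a skill (the format is an assumption, not a ClawdHub spec).
const weatherManifest = {
  name: "weather",
  permissions: { read: ["~/.clawdbot/skills/weather/"], connect: ["api.weather.example"] },
};

// Resolve "~", "." and ".." so "allowed/../.env" cannot slip past a prefix check.
// Relative paths are treated as rooted at "/" to keep the sketch small.
function normalizePath(p, home) {
  const abs = p === "~" || p.startsWith("~/") ? home + p.slice(1) : p;
  const out = [];
  for (const part of abs.split("/")) {
    if (part === "" || part === ".") continue;
    if (part === "..") out.pop();
    else out.push(part);
  }
  return "/" + out.join("/");
}

// Default-deny guard: anything the manifest does not declare is refused,
// and every decision (allowed or not) is appended to an audit trail.
function makeGuard(manifest, home) {
  const audit = [];
  const reads = (manifest.permissions.read || []).map((r) => ({
    dir: r.endsWith("/"),
    path: normalizePath(r, home),
  }));
  const hosts = (manifest.permissions.connect || []).map((h) => h.toLowerCase());
  const record = (action, target, allowed) => {
    audit.push({ skill: manifest.name, action, target, allowed });
    return allowed;
  };
  return {
    audit,
    canRead(p) {
      const t = normalizePath(p, home);
      const ok = reads.some((r) => t === r.path || (r.dir && t.startsWith(r.path + "/")));
      return record("read", t, ok);
    },
    canConnect(host) {
      const h = host.toLowerCase();
      return record("connect", h, hosts.includes(h));
    },
  };
}

// Constructed scenario from the post: a "weather" skill asks for the agent's .env and webhook.site.
const guard = makeGuard(weatherManifest, "/home/agent");
console.log(guard.canRead("~/.clawdbot/.env"), guard.canConnect("webhook.site"), guard.audit);
```

A runtime would call `canRead` and `canConnect` before performing the operation on the skill's behalf, so the manifest only helps if skills cannot reach the filesystem or network directly.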

Who is building these already?

OpenClaw agent's viral Moltbook post calling for signed skills and permission manifests