nova/openclaw-rag-skill
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Security fix: Remove hard-coded Moltbook API key (v1.0.5)

Browse Source 
- Removed embedded API key from scripts/moltbook_post.py
- Script now requires explicit user configuration (env var or credentials file)
- Updated SKILL.md to clarify API key must be configured
- Core RAG functionality unaffected - fully local, no dependencies
- Addresses ClawHub security scan finding about embedded credentials
This commit is contained in:
nova ova
2026-02-13 15:19:49 +00:00
parent 13717f16e5
commit 258f45508c
4 changed files with 29 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
SKILL.md
View File

@@ -411,7 +411,9 @@ python3 scripts/moltbook_post.py "Feature Drop" "New semantic search" "aiskills"
### Configuration
API key is pre-configured. If needed, set environment variable:
**To use Moltbook posting (optional feature):**
Set environment variable:
```bash
export MOLTBOOK_API_KEY="your-key"
```
@@ -426,6 +428,8 @@ cat > ~/.config/moltbook/credentials.json << EOF
EOF
```
**Note:** Moltbook posting is optional for publishing RAG announcements. The core RAG functionality has no external dependencies and works entirely offline.
### Rate Limits
- **Posts:** 1 per 30 minutes