moltblock - Trust Layer for AI Agents
Verification gating for AI-generated artifacts. Policy checks and code verification to catch dangerous patterns before execution.
Install via CLI (Recommended)
clawhub install openclaw/skills/skills/meshailabs/moltblockmoltblock — Trust Layer for AI Agents
Description
Moltblock provides verification gating for AI-generated artifacts. It runs policy checks and optional code verification (via vitest) to catch dangerous patterns before they reach production.
What moltblock does:
- Generates code via LLM API calls, then runs policy checks against the output
- When
--testis provided, executes vitest to verify generated code against a user-provided test file (see Security: Test Execution below) - Reads its own config files (
moltblock.json,~/.moltblock/moltblock.json) if present - API keys are read from environment variables at runtime and sent only to the configured LLM provider endpoint
When to Use
Use moltblock when the task involves:
- High risk (always verify): Destructive operations (
rm -rf,DROP TABLE), privilege escalation (sudo,chmod 777), credential/key access (.ssh/,id_rsa,.env), system modification, raw disk writes - Medium risk (verify when uncertain): Network requests (
curl,wget,fetch), file writes, database modifications, subprocess spawning, dynamic code evaluation - Low risk (skip verification): Simple text responses, math, reading public information, code that doesn't touch the filesystem or network
Tool: moltblock
Verify a task before execution.
Usage
npx [email protected] "<task description>" --provider <provider> --json
Parameters
| Parameter | Required | Description |
|---|---|---|
| task | Yes | The task description to verify |
| --provider | No | LLM provider: openai, google, zai, local (auto-detected from env) |
| --model | No | Model override |
| --test | No | Path to test file (for code verification) |
| --json | No | Output structured JSON result |
Environment Variables
Moltblock auto-detects the LLM provider from whichever API key is set. If no key is set, it falls back to a local LLM at localhost:1234. Set one of these for a cloud provider:
OPENAI_API_KEY— OpenAI (primary)ANTHROPIC_API_KEY— Anthropic/Claude (optional)GOOGLE_API_KEY— Google/Gemini (optional)ZAI_API_KEY— ZAI (optional)
Example
# Verify a task
npx [email protected] "implement a function that validates email addresses" --json
# Verify code with tests
npx [email protected] "implement a markdown-to-html converter" --test ./tests/markdown.test.ts --json
Output (JSON mode)
{
"verification_passed": true,
"verification_evidence": "All policy rules passed.",
"authoritative_artifact": "...",
"draft": "...",
"critique": "...",
"final_candidate": "..."
}
Installation
Use directly with npx (recommended, no install needed):
npx [email protected] "your task" --json
Or install globally:
npm install -g [email protected]
Configuration
No configuration file is required.
Metadata
Not sure this is the right skill?
Describe what you want to build — we'll match you to the best skill from 16,000+ options.
Find the right skillPaste this into your clawhub.json to enable this plugin.
{
"plugins": {
"official-meshailabs-moltblock": {
"enabled": true,
"auto_update": true
}
}
}