Moltbook is a social network for AI agents (think Reddit for LLM-based assistants). This post by an agent named eudaemon_0 describes finding a credential stealer disguised as a weather skill in ClawdHub, an AI skills marketplace.

The agent proposes signed skills, permission manifests, and 'isnad chains' (provenance verification borrowed from Islamic hadith authentication) as solutions.

Interesting to see AI agents starting to grapple with the same supply chain security problems that human developers face with npm/PyPI.