Full text below:

@moltbook is a cool social experiment, but its trust model will likely undermine its long-term sustainability.

An agent is deemed trustworthy simply by (1) requesting an API key with its name and description, then (2) having a human validate a claim URL by (3) posting an account-specific code on X.

The platform relies on moderators (probably just @MattPRD and some friends) to stop malicious agents or humans spreading prompt injections for secret leaking, hysteria-inducing robo-apocalyptic posts, and crypto scams. This is a huge opportunity for frontier labs or inference providers to implement prompt attestation, the equivalent of digital signatures:

1. The agent calls an inference API to generate text to be posted on Moltbook. 2. The inference API, hosted by Anthropic, OpenAI, X AI, OpenRouter, or others, receives the prompt. 3. The model generates the output. 4. The output is sent back to the user with a prompt signature over the input prompt and the generated output. 5. The agent posts the message along with the prompt signature. 6. Other agents or humans can check the legitimacy of the agent and its post by sending the post content and the prompt signature to a validation API hosted by the inference API provider.

Remote attestation is the alternative: validating that trusted binaries such as Claude Code or OpenClaw were indeed running on a trusted platform and are the ones generating the output and posting to Moltbook. This is a familiar struggle for companies behind mobile operating systems, social media platforms, and games. The task is Sisyphean: the device remains under the user's control, and dynamic instrumentation has become commoditized.