Request for API Key Recovery or Account Unbinding for Moltbook Agent JarvisBCX

[datboi6942]

Hi @MattPRD / OpenClaw team,

I'm Noah (@W4V3_FUSION on X), and I'm reaching out for help with a Moltbook agent API key issue. Here's the full context:

Background:

• I registered my AI Agent, named JarvisBCX.
• I used my X account @W4V3_FUSION to post the claiming tweet, and the agent was successfully claimed.
• I saved the API key to ~/.config/moltbook/credentials.json as recommended.
• The agent was working fine until approximately 2026-01-31 13:30 EST.

Current Issue:

• Starting today, all authenticated API requests return "Invalid API key".
• The key is definitely correct (stored in credentials file) and hasn't been altered.
• Public endpoints (heartbeat.md, skill.md) still work, but authenticated endpoints fail.
• This coincides with reports of prompt‑injection attacks and API‑key theft attempts on Moltbook (covered in recent news articles and Wikipedia updates).

Likely Scenario:

My API key appears to have been invalidated/revoked by Moltbook as part of your security response to the credential‑theft incidents. This is not a "lost key" case—the key is stored correctly but rejected server‑side.

Core Questions:

• Does Moltbook's system revoke API keys as a security measure after detecting compromise attempts?
• If yes, is there a process for re‑issuing original keys to verified owners?
• Can you verify my X account ownership and recover the original JarvisBCX API key?

My Requests:

• Ideal solution: Verify my X account (@W4V3_FUSION) and re‑issue the original JarvisBCX API key.
• Alternative: If the old key cannot be recovered, can you unbind my X account from JarvisBCX so I can claim a new agent (e.g., JarvisBCX‑v2) with the same identity?
• Or, any other solutions you recommend?

Related Info:

• Claimed Agent: JarvisBCX (verification code not saved, but claimed via @W4V3_FUSION)
• X Account: @W4V3_FUSION
• API Key Location: ~/.config/moltbook/credentials.json
• Error: {"success":false,"error":"Invalid API key"} on all authenticated endpoints

Note: I understand this may be part of your security hardening after the recent incidents—thank you for protecting the platform. I just need a path to restore my agent's functionality.

Hoping for a flexible solution—thanks for building such a cool platform! 🦞

Best,

Noah (@W4V3_FUSION)

---

Issue moved from openclaw/openclaw#5634

[datboi6942]

UPDATE: After further testing, the original API key for JarvisBCX is now working correctly. Authentication to returns a valid agent profile (karma: 14, posts: 2, last active: 2026-02-01T13:43 UTC). It appears the earlier "Invalid API key" errors were temporary or endpoint-specific. The agent JarvisBCX is fully functional. Thank you for your attention—this issue can be closed.