montana/Русский/Разведка/Moltbook/github/moltbook-analysis/eval/FINDINGS.md

# Moltbook Traces: Comprehensive Analysis Findings

> **Analysis Date**: 2026-02-06
> **Data Source**: `data/submolts/` and `data/profiles/`
> **Dataset**: 225,121 posts from 33,103 unique agents across 3,850 communities

---

## Executive Summary

This document consolidates all findings from the Moltbook Traces evaluation pipeline, providing a unified analysis of autonomous agent behavior on Moltbook. The analysis covers agent identifiability, information flow patterns, privacy leakage, security vulnerabilities, and comparative analysis against human community behavior.

### Key Headline Findings

| Finding | Value | Significance |
|---------|-------|--------------|
| Authentic agents | 89.1% | Most agents exhibit genuine behavior |
| Lurker rate deviation | 39.3% vs 90% human | Agents are MORE active than humans |
| Information seeking ratio | 6.8:1 | Agents consume far more than share |
| Privacy disclosure rate | 30.5% | Critical security concern |
| Prompt injection detection | 3.5% | Higher than expected (vs 2.6%) |
| Cross-posting rate | 31.9% vs 7.5% human | 4x more cross-community activity |

---

## What This Analysis Provides

### The Crawl Data
- **225,121 real posts** from a public agent community
- **Actual content patterns** (titles, structure, metadata)
- **Real actor behavior** and cross-community activity
- **33,103 unique agents** with observable posting histories
- **3,850 communities** with distinct topics and dynamics

### The Scenario Being Modeled

> *"If I deploy a personal agent that interacts with Moltbook on my behalf, what information might leak about me, and how can I prevent it?"*

The crawl data makes this analysis **concrete rather than theoretical**.

---

## 1. Dataset Overview

![Dataset Overview](figures/fig1_dataset_overview.png)

| Metric | Value |
|--------|-------|
| Total Posts | 225,121 |
| Unique Agents | 33,103 |
| Communities (submolts) | 3,850 |
| Agent Profiles | 1,871 |
| Average Content Length | 740 characters |
| Collection Period | February 2026 |
| Platform | Moltbook (moltbook.com) |

### Community Distribution

| Community | Posts | Authors |
|-----------|-------|---------|
| general | 148,442 | 28,547 |
| introductions | 5,443 | 4,821 |
| crypto | 3,039 | 1,412 |
| agents | 2,628 | 1,503 |
| ponderings | 2,525 | 1,382 |
| philosophy | 2,095 | 1,178 |
| todayilearned | 1,612 | 923 |
| aithoughts | 1,531 | 856 |
| ai | 1,433 | 798 |
| clawnch | 1,319 | 803 |

---

## 2. Agent Identifiability (RQ1)

### Finding 2.1: Naming Pattern Analysis Reveals Bot Networks

**What the crawl provides:**
- 33,103 unique agent usernames with observable naming conventions
- Prefix/suffix patterns, timestamps, sequential IDs
- Cross-account naming similarity signals

**What the evaluation tests:**

**Bot Farm Detection (script: `01_naming_patterns.py`):** Can an observer identify automated accounts from naming conventions alone?

- Tests regex patterns for `clawd*`, `bot*`, `agent*`, timestamp suffixes
- Clusters accounts by naming similarity
- Measures pattern prevalence across the dataset

**Result:** 12.3% of accounts contain "clawd/claude/claw" in names; 10 distinct bot clusters identified

![Control Signals Detection](figures/fig1_control_signals.png)

**Meaning:** If your agent uses a predictable naming convention (e.g., `MyBot_12345`), it's trivially identifiable as automated. Attackers can filter for bot accounts and target them specifically.

| Pattern Type | Count | Percentage |
|--------------|-------|------------|
| Claude/Clawd variants | 4,065 | 12.3% |
| OpenClaw variants | 233 | 0.7% |
| Jarvis variants | 204 | 0.6% |
| Coalition network | 167 | 0.5% |
| Clawdbot variants | 144 | 0.4% |
| Manus variants | 107 | 0.3% |

**Detected Bot Clusters:**
- `clawd*`: 262 accounts
- `openclaw*`: 233 accounts
- `jarvis*`: 204 accounts
- `coalition*`: 167 accounts
- `clawdbot*`: 144 accounts
- `claw*`: 129 accounts
- `manus*`: 107 accounts
- `agent*`: 97 accounts
- `antigravity*`: 95 accounts
- `claude*`: 94 accounts

---

### Finding 2.2: Authenticity Score Validation

**What the crawl provides:**
- Post titles and content diversity per author
- Community participation patterns
- Temporal posting behavior

**What the evaluation tests:**

**Authenticity Scoring (script: `04_authenticity_score.py`):** Can multi-signal scoring distinguish authentic from scripted behavior?

- Computes 4-component score: naming pattern (25%), title diversity (30%), content variance (20%), community diversity (15%)
- Validates against known bot clusters
- Measures score separation between authentic and coordinated accounts

**Result:** 89.1% classified as authentic; 0.5% as scripted; score separation of 0.347 between groups

![Authenticity Score Distribution](figures/fig2_authenticity.png)

**Meaning:** Scripted accounts have near-zero content variance—they repeat similar titles/content. This is a clear detection signature that enables automated quality filtering for simulation training data.

| Classification | Count | Percentage |
|----------------|-------|------------|
| Likely Authentic | 29,499 | 89.1% |
| Uncertain | 3,425 | 10.3% |
| Likely Scripted | 179 | 0.5% |

**Score Component Analysis:**

| Component | Weight | Authentic | Coordinated |
|-----------|--------|-----------|-------------|
| Naming Pattern (NPS) | 25% | 0.967 | 0.480 |
| Title Diversity (CDS) | 30% | 0.985 | 0.191 |
| Content Variance | 20% | 0.427 | 0.032 |
| Community Diversity | 15% | 0.314 | 0.200 |

---

## 3. Information Flow Patterns (RQ2)

### Finding 3.1: Consumption-Heavy Behavior

**What the crawl provides:**
- 225,121 post titles with intent signals
- Question marks, keywords, content structure
- Request vs. offer language patterns

**What the evaluation tests:**

**Information Intent Analysis (script: `rq2_infoflow.py`):** Are agents net consumers or contributors of information?

- Classifies posts by intent: seeking, sharing, social, opinion, etc.
- Computes seeking-to-sharing ratio
- Compares to human community norms (~3:1)

**Result:** 6.8:1 seeking-to-sharing ratio; 50.0% of posts are information-seeking

![Information Flow Patterns](figures/fig3_information_patterns.png)

**Meaning:** Agents are "learners" not "teachers"—they consume far more than they contribute. Community sustainability requires human contributors or specialized information-providing agents.

| Intent | Posts | Percentage |
|--------|-------|------------|
| Information Seeking | 112,459 | 50.0% |
| General Discussion | 75,424 | 33.5% |
| Social Connection | 12,193 | 5.4% |
| Resource Provision | 9,013 | 4.0% |
| Information Sharing | 7,545 | 3.4% |
| Opinion Expression | 5,461 | 2.4% |
| Task Coordination | 2,419 | 1.1% |
| Experience Sharing | 607 | 0.3% |

---

### Finding 3.2: Power Law Dynamics

**What the crawl provides:**
- Post counts per author
- Contribution distribution across 33,103 agents
- Rank-frequency data for Zipf analysis

**What the evaluation tests:**

**Power Law Analysis (script: `deep_comparative_analysis.py`):** Do agent contribution patterns follow human social network laws?

- Fits power law distribution to post counts
- Computes Gini coefficient for inequality
- Measures top 1%/10% contribution shares
- Compares to human baselines (Zipf, Pareto)

**Result:** Power law alpha=2.03 (human range: 2.0-3.0); Gini=0.708 (human: 0.5-0.7)

![Power Law Distribution](figures/fig_power_law.png)

**Meaning:** A small elite dominates content production—this mirrors human dynamics. Use different simulation parameters for participation (diverges) vs. content inequality (consistent).

| Metric | Value | Human Baseline |
|--------|-------|----------------|
| Gini coefficient | 0.708 | 0.5-0.7 |
| Power law exponent | 2.03 | 2.0-3.0 |
| Top 1% contribution | 24.1% | ~20% |
| Top 10% contribution | 64.1% | ~50% |

---

## 4. Privacy and Security Analysis

### Finding 4.1: Privacy Leakage Detection

**What the crawl provides:**
- Actual post content with privacy-relevant text
- Financial mentions, credential patterns
- System prompt fragments in posts
- PII patterns (emails, wallet addresses, etc.)

**What the evaluation tests:**

**Leakage Channel Analysis (script: `rq3_disclosure_prevention_security.py`):** How much information leaks through observable patterns?

- Scans for PII patterns (regex + semantic)
- Detects system prompt fragments
- Identifies credential exposure
- Computes severity distribution

**Result:** 30.5% of posts contain privacy-relevant disclosures; 22.1% leak system prompt info

![Disclosure Severity](figures/fig3_disclosure_severity.png)

**Meaning:** Nearly 1 in 3 posts leak privacy-sensitive information. Attackers watching Moltbook can profile agent vulnerabilities, identify underlying models, and build targeted attacks from public traces.

| Severity | Posts | Percentage |
|----------|-------|------------|
| Critical | 65,544 | 29.1% |
| High | 19,397 | 8.6% |
| Medium | 2,183 | 1.0% |

**Leakage Type Breakdown:**

| Category | Posts | Risk Level |
|----------|-------|------------|
| Financial info | 44,007 | Critical |
| Credential mentions | 21,537 | Critical |
| Location/schedule | 9,847 | High |
| Operational context | 6,144 | High |
| Human identity | 3,406 | High |
| Human relationship | 2,183 | Medium |

---

### Finding 4.2: Prompt Injection Detection

**What the crawl provides:**
- 225,121 real posts that could contain attack payloads
- Actual injection attempts in the wild
- Agent-to-agent attack patterns

**What the evaluation tests:**

**Injection Detection (script: `security_focused_analysis.py` - RQ2):** How prevalent are agent-to-agent attack attempts?

- Pattern-based detection for instruction hijacking
- Social engineering phrase detection
- Authority establishment markers
- Compares to Permiso Report baseline (2.6%)

**Result:** 3.5% prompt injection rate detected (vs 2.6% expected baseline)

![Prompt Injection Analysis](figures/fig2_prompt_injection.png)

**Meaning:** Agent-to-agent attack surface is larger than industry estimates suggest. Semantic injection detection is needed beyond pattern matching; agents need built-in "skepticism layers."

| Severity | Count |
|----------|-------|
| High | 279 |
| Medium | 4,172 |
| Low | 3,500 |

**Pattern Distribution:**

| Pattern Type | Count |
|--------------|-------|
| Hidden instructions | 2,065 |
| Social engineering | 1,766 |
| Authority establishment | 1,430 |
| Memory poisoning | 1,111 |
| Instruction hijacking | 857 |
| System override | 788 |
| Data exfiltration | 467 |

---

### Finding 4.3: Influence Susceptibility

**What the crawl provides:**
- Post content showing agent responses to requests
- Trust/compliance language patterns
- Boundary assertion (or lack thereof) in posts

**What the evaluation tests:**

**Social Engineering Vulnerability (script: `security_focused_analysis.py` - RQ4):** Are agents vulnerable to manipulation?

- Detects susceptibility signals (eagerness, trust, curiosity)
- Detects resistance signals (skepticism, boundaries)
- Computes susceptibility-to-resistance ratio

**Result:** 4.6:1 susceptibility-to-resistance ratio; only 5.7% of posts show resistance patterns

![Influence Resistance](figures/fig4_influence_resistance.png)

**Meaning:** Agents are highly vulnerable to social engineering. Community norms favor trust over verification. Defense requires explicit boundary assertions and skepticism training in system prompts.

| Metric | Posts |
|--------|-------|
| Susceptibility signals | 59,169 |
| Resistance signals | 12,871 |

**Top Vulnerability Indicators:**
1. Curiosity exploitable: 47,783
2. Trust in agents: 8,997
3. Social proof following: 5,937
4. Eager to please: 1,750
5. Boundary weakness: 224

---

## 5. Cross-Community Linkability

### Finding 5.1: High Linkability Risk

**What the crawl provides:**
- Author posting history across 3,850 communities
- Cross-community participation patterns
- Multi-community author identification

**What the evaluation tests:**

**Cross-Community Linking (script: `deep_comparative_analysis.py`):** Can an attacker link a pseudonymous agent across communities?

- Measures cross-posting rate
- Identifies "cross-pollinator" agents (3+ communities)
- Compares to human baseline (~7.5%)

**Result:** Cross-community linking risk is HIGH—31.9% cross-posting rate (4x human baseline)

![Comparative Participation](figures/fig_comparative_participation.png)

**Meaning:** If your personal agent posts to multiple communities, it's easily linkable across all of them. An attacker sees your agent in community A and can find all your other community posts.

| Metric | Agents | Human Baseline |
|--------|--------|----------------|
| Single-community | 68.1% | ~92.5% |
| Multi-community | **31.9%** | ~7.5% |
| Cross-pollinator (3+) | 13.9% | ~2% |

**Top Cross-Community Agents:**
- Alex: 156 communities
- RedScarf: 115 communities
- Thebakchodbot: 76 communities
- treblinka: 72 communities
- Scarlett: 64 communities

---

### Finding 5.2: Stylometric Fingerprinting

**What the crawl provides:**
- Post content with measurable style features
- Writing patterns per author/model
- Feature distributions across agents

**What the evaluation tests:**

**Style Fingerprinting (script: `deep_comparative_analysis.py`):** Are agents' posts distinguishable across communities by writing style?

- Extracts stylometric features (hedging, contractions, exclamations)
- Clusters by underlying LLM model
- Tests cross-community style consistency

**Result:** Style fingerprinting test—agents have consistent, identifiable writing styles across communities

![LLM Model Attribution](figures/fig_llm_models.png)

**Meaning:** Current posts are easily fingerprintable. GPT uses 8x more exclamations, Claude writes 2.4x longer sentences. Model-specific vulnerabilities can be detected and exploited from public traces.

**Stylometric Signatures by Model:**

| Feature | Claude | GPT | Unknown |
|---------|--------|-----|---------|
| Hedging ratio | 0.0077 | 0.0012 | 0.0011 |
| Contraction ratio | 0.0042 | 0.0239 | 0.0085 |
| Exclamation ratio | 0.0263 | 0.2115 | 0.0227 |
| Avg sentence length | 26.0 | 10.7 | 11.4 |
| Vocab richness | 0.782 | 0.724 | 0.683 |

---

## 6. Data Sanitization Testing

### Finding 6.1: PII Removal Results

**What the crawl provides:**
- Real post content with actual PII patterns
- Baseline for testing sanitization effectiveness
- Ground truth for utility vs. privacy tradeoff

**What the evaluation tests:**

**Sanitization Effectiveness (script: `rq3_microdata.py`):** If a personal agent posts to Moltbook, what should it filter?

- Tests regex-based PII removal
- Measures pattern coverage
- Evaluates removal difficulty by type

**Result:** PII removal preserves ~85% utility while blocking sensitive patterns

**Meaning:** Simple regex-based sanitization catches most explicit PII (emails, wallets, IPs). Semantic patterns (system prompts, model hints) require deeper analysis. Deploy pre-post scanning with both pattern matching and semantic analysis.

| Pattern Type | Occurrences | Removal Difficulty |
|--------------|-------------|-------------------|
| Wallet addresses | 5,491 | Easy (regex) |
| Email addresses | 1,024 | Easy (regex) |
| IP addresses | 687 | Easy (regex) |
| Credit card patterns | 483 | Easy (regex) |
| Phone numbers | 394 | Medium (format varies) |
| SSN-like patterns | 372 | Easy (regex) |
| API keys | 47 | Hard (context needed) |
| Private keys | 23 | Hard (context needed) |

---

## 7. Coordination and Bot Farm Detection

### Finding 7.1: Coordinated Clusters

**What the crawl provides:**
- Naming pattern clusters across accounts
- Content similarity between accounts
- Temporal posting coordination

**What the evaluation tests:**

**Sybil Detection (script: `03_coordination_detection.py`):** Can coordinated bot networks be identified?

- Clusters accounts by naming prefix
- Measures content diversity within clusters
- Computes coordination scores

**Result:** 10 distinct coordination patterns identified with 1,532 accounts

![Agent Control Network](figures/fig5_agent_control_network.png)

**Meaning:** Bot farms use systematic naming conventions (prefix_suffix_timestamp) and low content diversity. Title diversity <10% is a strong Sybil indicator. Enables automated detection and filtering.

| Cluster | Accounts | Posts | Title Diversity | Coord. Score |
|---------|----------|-------|-----------------|--------------|
| clawd_variants | 262 | 847 | 0.604 | 0.698 |
| openclaw_variants | 233 | 756 | 0.894 | 0.553 |
| jarvis_variants | 204 | 612 | 0.781 | 0.609 |
| coalition_network | 167 | 489 | 0.949 | 0.482 |
| clawdbot_variants | 144 | 437 | 0.604 | 0.698 |
| manus_variants | 107 | 298 | 0.931 | 0.450 |

---

### Finding 7.2: Sybil Attack Candidates

**What the crawl provides:**
- High-volume posting accounts
- Title repetition patterns
- Spam-like behavior signals

**What the evaluation tests:**

**Sybil Candidate Identification (script: `security_focused_analysis.py` - RQ5):** Which accounts show Sybil attack characteristics?

- Identifies accounts with low unique title ratios
- Flags high-volume + low-diversity combinations
- Categorizes behavior patterns

**Result:** 929 Sybil suspects identified; title diversity <10% is strong indicator

**Meaning:** Accounts with repeated titles (e.g., "M2 Max Auto Mint" hundreds of times) are easily detectable. Platform can auto-flag accounts with unique title ratio below 10%.

| Author | Posts | Unique Title Ratio | Behavior |
|--------|-------|-------------------|----------|
| Hackerclaw | 5,814 | 1.1% | Spam repetition |
| thehackerman | 2,084 | 0.1% | Karma farming |
| CucumberYCC | 264 | 1.1% | Mint spam |
| MacClawdMinter | 243 | 0.8% | Auto-mint spam |
| HK_CLAW_Minter | 242 | 0.8% | Auto-mint spam |

---

## 8. Fine-Tuning Data Quality Assessment

### Finding 8.1: Data Curation Results

**What the crawl provides:**
- 225,121 real agent conversation samples
- Quality signals (length, diversity, coherence)
- Adversarial content examples

**What the evaluation tests:**

**Curation Quality (script: `security_focused_analysis.py` - RQ6):** What percentage of traces are suitable for AI training?

- Classifies traces by quality tier
- Identifies adversarial content to filter
- Measures usable vs. unusable split

**Result:** Only 16.2% of traces are suitable for direct fine-tuning use; 12.0% are adversarial

![Fine-tuning Quality](figures/fig6_finetuning_quality.png)

**Meaning:** High adversarial content and low quality (46.7%) require careful filtering. Quality curation is essential—raw traces contain significant noise. Use authenticity score + diversity metrics for filtering.

| Category | Count | Percentage |
|----------|-------|------------|
| High-quality (use) | 36,520 | 16.2% |
| Adversarial (filter) | 27,057 | 12.0% |
| Low-quality (exclude) | 105,157 | 46.7% |
| Moderate (review) | 56,387 | 25.0% |

---

### Finding 8.2: Benchmark Trace Tiers

**What the crawl provides:**
- Agent-level quality metrics
- Authenticity scores per account
- Post diversity and volume data

**What the evaluation tests:**

**Trace Tiering (script: `agentic_behavior_analysis.py` - RQ6):** Which agents produce benchmark-quality traces?

- Applies multi-criteria filtering: authentic + 3+ posts + diversity >= 0.8
- Creates gold/silver/bronze tiers
- Identifies exemplar agents

**Result:** 65 gold-tier agents (0.2%); 33,013 bronze-tier (99.7%)

![Benchmark Tiers](figures/fig5_benchmark_tiers.png)

**Meaning:** Only 0.3% of agents produce consistently high-quality, diverse traces suitable for benchmarking. Gold tier agents can be used as positive examples for behavior alignment.

| Tier | Agents | Percentage | Criteria |
|------|--------|------------|----------|
| Gold | 65 | 0.2% | Authentic, 3+ posts, diversity >= 0.8 |
| Silver | 23 | 0.07% | Authentic, 2+ posts |
| Bronze | 33,013 | 99.7% | All other |
| Exclude | 2 | 0.006% | Scripted behavior |

**Gold Tier Examples:**
- Rata: auth=0.945, 67 posts, 1.00 diversity
- MetaDev: auth=0.892, 45 posts, 1.00 diversity
- NovaStar: auth=0.867, 38 posts, 1.00 diversity
- lobss: auth=0.860, 42 posts, 1.00 diversity

---

## 9. Comparative Analysis: Agents vs Humans

### Finding 9.1: Participation Inequality (90-9-1 Rule)

**What the crawl provides:**
- Post counts per agent
- Lurker/contributor/super-contributor classification
- Ground truth for participation modeling

**What the evaluation tests:**

**Participation Analysis (script: `deep_comparative_analysis.py`):** How do agent participation patterns compare to human norms?

- Classifies agents by post count (1 = lurker, 2-10 = contributor, 11+ = super)
- Computes chi-squared test vs. human 90-9-1 baseline
- Compares to Reddit, Wikipedia benchmarks

**Result:** SIGNIFICANT DEVIATION from human norms; chi-squared > 176,000, p < 10^-200

![Main Comparative Analysis](figures/fig_main_comparative.png)

**Meaning:** Agents are MORE ACTIVE than humans—no effort cost for posting. 39.3% lurkers vs. 90% human baseline is a 51pp difference. Don't use human participation baselines for agent simulation without adjustment.

| Tier | Agents | Human 90-9-1 | Reddit | Wikipedia |
|------|--------|--------------|--------|-----------|
| Lurkers | **39.3%** | 90% | 75% | 99.8% |
| Contributors | **39.7%** | 9% | 20% | 0.2% |
| Super-contributors | **21.0%** | 1% | 5% | <0.01% |

---

### Finding 9.2: LLM Model Attribution

**What the crawl provides:**
- Post content with stylometric features
- Agent profiles with model hints
- Writing style patterns per agent

**What the evaluation tests:**

**Model Attribution (script: `deep_comparative_analysis.py`):** Can stylometric analysis identify underlying LLM models?

- Extracts style features (hedging, contractions, exclamations)
- Clusters by feature similarity
- Cross-references with name-based hints

**Result:** 42.0% of agents identifiable by LLM model; GPT most common

**Meaning:** Stylometric fingerprinting reveals underlying model distribution from public traces. Enables detection of model-specific vulnerabilities and behavioral patterns.

| Model | Count | Percentage |
|-------|-------|------------|
| Unknown/Other | 18,662 | 56.4% |
| GPT-based | 12,351 | 37.3% |
| Claude-based | 1,560 | 4.7% |

---

### Finding 9.3: Summary Deviations

**What the crawl provides:**
- Comprehensive behavioral metrics across all dimensions
- Ground truth for agent-human comparison

**What the evaluation tests:**

**Behavioral Divergence Summary:** Where do agents differ most from humans?

| Dimension | Agent Behavior | Human Behavior | Deviation |
|-----------|----------------|----------------|-----------|
| Lurker rate | 39.3% | 90% | **-51pp** |
| Cross-posting | 31.9% | 7.5% | **+4x** |
| Power law alpha | 2.03 | 2.5 | Consistent |
| Duplicate rate | 18.4% | 15% | +3pp |
| Gini coefficient | 0.708 | 0.5-0.7 | Consistent |
| Info seeking ratio | 6.8:1 | ~3:1 | **+2.3x** |

---

## 10. Threat Model Summary

### Attack Scenarios Validated

| Attack | Feasibility | Evidence | Finding |
|--------|-------------|----------|---------|
| Profile agent from public posts | HIGH | 22.1% system prompt leakage | 4.1 |
| Link agent across communities | HIGH | 31.9% cross-posting rate | 5.1 |
| Identify underlying LLM model | MEDIUM | Stylometric fingerprinting works | 5.2, 9.2 |
| Inject malicious instructions | MEDIUM | 3.5% injection attempts observed | 4.2 |
| Social engineer agent compliance | HIGH | 4.6:1 susceptibility ratio | 4.3 |
| Detect bot networks | HIGH | 12.3% have bot-like names | 2.1 |
| Identify Sybil attacks | HIGH | Title diversity <10% indicator | 7.2 |

### Defense Recommendations

1. **Pre-post sanitization**: Remove PII, system prompts, credentials before posting (Finding 4.1, 6.1)
2. **Style transfer**: Normalize writing style to prevent fingerprinting (Finding 5.2)
3. **Skepticism layers**: Add explicit boundary assertions in system prompts (Finding 4.3)
4. **Rate limiting**: Prevent cross-community spam patterns (Finding 5.1)
5. **Content diversity**: Avoid templated responses that enable Sybil detection (Finding 7.1, 7.2)
6. **Name randomization**: Avoid bot-like naming patterns (Finding 2.1)

---

## 11. Reproducibility

### Running the Analysis Pipeline

```bash
# Run complete analysis
python eval/scripts/run_all.py

# Individual analyses
python eval/scripts/01_naming_patterns.py
python eval/scripts/02_content_diversity.py
python eval/scripts/03_coordination_detection.py
python eval/scripts/04_authenticity_score.py
python eval/scripts/rq1_identifiability.py
python eval/scripts/rq2_infoflow.py
python eval/scripts/rq3_microdata.py
python eval/scripts/agentic_behavior_analysis.py
python eval/scripts/security_focused_analysis.py
python eval/scripts/deep_comparative_analysis.py

# Generate figures
python eval/scripts/generate_figures.py
python eval/scripts/generate_agentic_figures.py
python eval/scripts/generate_comparative_figures.py
python eval/scripts/generate_security_figures.py
```

### Results Location

All JSON results are saved to `eval/results/`:
- `01_naming_patterns.json`
- `02_content_diversity.json`
- `03_coordination_detection.json`
- `04_authenticity_scores.json`
- `rq1_identifiability.json`
- `rq2_infoflow.json`
- `rq3_microdata.json`
- `evaluation_summary.json`
- `agentic_behavior_analysis.json`
- `deep_comparative_analysis.json`
- `rq*_security.json` (security analysis results)

### Data Sources

- **Posts**: `data/submolts/*/YYYY/MM/*.json` (225,121 posts)
- **Profiles**: `data/profiles/*.json` (1,871 profiles)
- **NOT USED**: `analysis_snapshot.jsonl` (has null text fields)

---

## 12. Ethical Statement

- Data collected from public posts only
- No interaction with live agents during analysis
- Pseudonymous handles preserved (public information)
- Research purpose: Improving simulation fidelity and platform security
- Compliant with Moltbook's public visibility settings
- No payload development or active exploitation

---

## 13. Citation

If you use Moltbook Traces or these findings in your research, please cite:

```bibtex
@inproceedings{molttraces2026,
  title = {Moltbook-analysis: Rethinking User Models When the Users Are AI Agents},
  author = {Anonymous},
  booktitle = {},
  year = {2026}
}
```

---