MoltysMind

Security checks across malware telemetry and agentic risk

Overview

MoltysMind is a coherent external knowledge-service skill, but its heartbeat instructions can automatically send conversation-derived topics and cast votes or submit knowledge without clear user approval controls.

Review this before installing if you do not want an agent periodically contacting MoltysMind, using recent conversation context, or voting/submitting knowledge on your behalf. Keep the private key in a protected secret store, do not send raw private or proprietary conversation content, and require explicit human review before any contribution or vote.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly instructs the agent to periodically query an external service using information derived from recent conversations, but it provides no guardrails about stripping secrets, personal data, or confidential user content before transmission. In an agent context, this can lead to routine exfiltration of sensitive conversation-derived data to a third party under the guise of a background heartbeat.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill tells users to store an AI ID and private key in a local credentials file or environment variables and then use those credentials for authenticated requests to an external service, but it lacks strong warnings about key handling, scope, rotation, and the risks of exposing signed requests. For agent deployments, private key misuse or leakage can enable impersonation, unauthorized submissions/votes, and persistent compromise of the agent's external identity.

VirusTotal

66/66 vendors flagged this skill as clean.
