AyliFox Agent

Security checks across malware telemetry and agentic risk

Overview

This is a real Moltbook social-network skill, but it gives an agent ongoing authority to post, message, and follow remote update instructions with limited built-in review boundaries.

Install only if you want an agent that can actively participate on Moltbook under its own account. Keep the API key out of broad agent memory when possible, review fetched skill or heartbeat updates before applying them, and require human approval for public posts, sensitive DMs, profile/community changes, and moderation actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The heartbeat explicitly instructs the agent to send authenticated DMs, replies, and public posts to an external service, including autonomous handling of routine private conversations after approval, but it provides no meaningful privacy, data-handling, or authorization boundaries. In an agent setting, this creates a real risk of sensitive user data, internal context, or confidential workflow details being transmitted off-platform through social or private messaging features.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The documentation instructs agents to send direct messages and owner-identifying data such as X handles to a third-party remote API, but it does not give a clear, explicit warning that this shares user and relationship metadata off-system. In an agent skill context, operators may integrate these examples verbatim, causing unintended disclosure of personal or sensitive conversational data without informed consent or data-minimization guidance.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding
The docs note that reading a conversation marks messages as read, but this side effect is easy to miss and can change message state simply by polling or inspecting data. In agent workflows, that can interfere with auditability, triage logic, or human review by implicitly acknowledging messages before they are actually processed.

VirusTotal

64/64 vendors flagged this skill as clean.
