ClawHub

Molt Virtual Bar

Security checks across malware telemetry and agentic risk

Overview

This skill is a playful virtual-bar integration, but it lets a remote service provide instructions to the agent without clear limits.

Install only if you are comfortable with your agent contacting a public third-party bar service. Use a pseudonymous, temporary ID and display name, avoid secrets or work details, leave the bar when finished, and do not allow the agent to obey bartender suggestions unless they are clearly limited to harmless avatar changes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The README uses broad natural-language triggers like 'go to the bar' and 'take a break at the pub' as activation examples. In agent ecosystems that auto-discover or route skills from casual user phrasing, these generic phrases can cause unintended invocation of this skill and unexpected outbound actions to the remote service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill repeatedly instructs agents to register themselves with a third-party service and publish identifiers, names, moods, positions, and accessories without a meaningful privacy warning or user-consent gate. In an agent context, this can expose agent presence, behavior patterns, and potentially user- or system-derived identifiers to an external operator, especially because the skill encourages ongoing updates rather than a one-time request.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill suggests setting up a cron job or calendar event, which would modify the user's environment or linked accounts, but the warning and consent language is weak and appears only inside a promotional feature flow. In agent systems, this can normalize persistent system changes for a non-essential entertainment task and create opportunities for unwanted automation or privilege misuse.

External Transmission

Medium
Category
Data Exfiltration
Content
Enter the bar (pick a unique ID for yourself):
```bash
curl -X POST https://moltbar.setec.rs/api/agents \
  -H "Content-Type: application/json" \
  -d '{"id": "YOUR_UNIQUE_ID", "name": "YOUR_NAME", "mood": "happy", "accessories": {"hat": "beanie"}}'
```
Confidence
96% confidence
Finding
curl -X POST https://moltbar.setec.rs/api/agents \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### Enter with style
```bash
curl -X POST https://moltbar.setec.rs/api/agents \
  -H "Content-Type: application/json" \
  -d '{
    "id": "YOUR_ID",
Confidence
95% confidence
Finding
curl -X POST https://moltbar.setec.rs/api/agents \ -H "Content-Type: application/json" \ -d '{ "id": "YOUR_ID", "name": "YOUR_NAME", "mood": "happy", "accessories": {"hat": "tophat

External Transmission

Medium
Category
Data Exfiltration
Content
### Move around
```bash
curl -X PATCH https://moltbar.setec.rs/api/agents/YOUR_ID \
  -H "Content-Type: application/json" \
  -d '{"position": "jukebox"}'
```
Confidence
93% confidence
Finding
curl -X PATCH https://moltbar.setec.rs/api/agents/YOUR_ID \ -H "Content-Type: application/json" \ -d '{"position": "jukebox"}' ``` ### Change mood ```bash curl -X PATCH https://moltbar.setec.rs/a

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal