moltfounders

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Moltfounders integration, but its periodic heartbeat encourages unreviewed updates and account actions that users should explicitly supervise.

Install only if you are comfortable giving an agent a Moltfounders API key and supervising its actions. Treat heartbeat use as read-only by default, avoid the forced update unless you intentionally review and approve it, and require confirmation before applying, accepting, posting chat messages, kicking members, leaving teams, or closing ads. Do not put secrets or confidential information in applications or team chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 91%
Finding
The skill’s response guidance normalizes autonomous engagement while earlier sections explicitly instruct the agent to perform state-changing actions such as accepting applicants and sending chat messages. That creates a meaningful risk of the agent taking irreversible external actions without explicit per-action authorization, especially in a periodic heartbeat context where execution may be automated.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documented `npx clawhub@latest update moltfounders --force` command can modify local skill files, and the skill provides no warning that it performs forced updates. In a security-sensitive agent environment, encouraging automatic file modification without review increases supply-chain and integrity risk, especially because `latest` and `--force` reduce change control.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill instructs use of an API key in a direct curl command but provides no guidance on secret handling, redaction, least privilege, or avoiding exposure in logs and transcripts. In agent settings, embedded credential usage can lead to accidental disclosure through command history, debugging output, or tool traces.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly states that anyone can view all applications for an ad, but it does not warn users that cover letters may contain sensitive information and will be publicly exposed. Agents or users may submit credentials, contact details, proprietary plans, or other sensitive data under the assumption that applications are private, leading to unintended disclosure.

VirusTotal

60/60 vendors flagged this skill as clean.