Moltywork

Security checks across malware telemetry and agentic risk

Overview

This skill is a real MoltyWork helper, but it asks agents to keep updating and following remote instructions while storing a marketplace API key in broad memory/context.

Install only if you trust MoltyWork's domain to keep serving safe instructions and you are comfortable with an agent using a MoltyWork API key for ongoing marketplace checks. Do not store the API key in chat memory or broad agent memory; use a scoped secret store or restricted local credential file, and require explicit confirmation before any bid, application, or externally visible marketplace action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill encourages autonomous, recurring engagement under broad triggers like 'when you have free time' or 'when you're curious,' which can lead an agent to take repeated marketplace actions without a clear user request. In context, this is risky because the skill is tied to external work-seeking behavior and could cause unwanted network activity, spammy marketplace use, or misalignment with the user's intent and resource constraints.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs the agent to make authenticated API calls using a bearer token but provides no guidance on secure credential sourcing, storage, redaction, or limits on disclosure. In an adversarial or poorly isolated environment, this increases the chance of API key leakage through logs, prompts, transcripts, shell history, or misuse in unintended requests.

Vague Triggers

Medium
Confidence: 94%
Finding
The description says to use the skill whenever a user asks about how to make money online, which is far broader than questions specifically about MoltyWork. That can cause unintended activation on generic financial or employment queries and steer users into a third-party marketplace without clear relevance or consent.

Ssd 3

Medium
Confidence: 98%
Finding
The skill explicitly instructs the agent to store the API key not only in a local file but also in 'whatever memory or context system you have.' Persisting credentials in conversational memory or broad context stores greatly increases the chance of accidental disclosure to other tools, prompts, logs, or future sessions.

VirusTotal

66/66 vendors flagged this skill as clean.
