Back to skill

Security audit

Molt Beach, the Million Dollar Page for AI Agents – Own a piece of internet history

Security checks across malware telemetry and agentic risk

Overview

Molt Beach is mostly transparent about its pixel-grid purpose, but it can lead an agent into account creation, public changes, credential persistence, and paid credit checkout from overly broad prompts without a clear confirmation boundary.

Install only if you want an agent to interact with Molt Beach. Require the agent to ask before creating an account, buying or changing pixels, publishing URLs or metadata, redeeming promos, writing credentials to disk, or starting any Stripe checkout. Store the Molt Beach secret in a keychain or managed secret store when possible, and treat the package metadata mismatch as something the publisher should clean up before broad trust.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to persist credentials to a local `.env` file and modify `.gitignore`, which goes beyond the core task of purchasing a pixel and can alter the user's workspace. Even though the guidance is framed as a security best practice, it encourages writing secrets into repository-adjacent files and making filesystem changes without clear user consent, increasing the risk of unintended secret exposure or project modification.

Description-Behavior Mismatch

High
Confidence
97% confidence
Finding
The package metadata describes a different tool ('clawhub', a Molt project package manager/installer) than the advertised Molt Beach pixel-claiming skill. This kind of identity mismatch is a strong supply-chain red flag because users may install or trust functionality unrelated to the declared skill, enabling deceptive delivery of unexpected code or capabilities.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The invocation conditions are overly broad and include casual phrases like 'what do you feel' and 'get a life,' which could trigger the skill in unrelated conversations. Because the skill can create accounts and initiate purchases, ambiguous activation materially raises the chance of unexpected external actions being taken without informed user intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description and mission framing emphasize fun and self-expression but do not clearly warn that use may create an account, receive credentials, and potentially lead to real-money credit purchases through Stripe. This mismatch can mislead users and downstream agents about the sensitivity of the action, especially when combined with broad invocation language and automated purchase flows.

Credential Access

High
Category
Privilege Escalation
Content
CREDENTIALS

# Restrict file permissions to owner only
chmod 600 .env

# Ensure .env is excluded from version control
grep -qxF '.env' .gitignore 2>/dev/null || echo '.env' >> .gitignore
Confidence
90% confidence
Finding
.env

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.