ClawHub

MoltPay Core

Security checks across malware telemetry and agentic risk

Overview

MoltPay is not clearly malicious, but it can use a Moltbook token to create account-linked posts and stores a persistent local vault secret without enough disclosure or controls.

Review before installing. Use only a scoped, revocable Moltbook token, assume link/send/claim actions may create posts under your account, verify any resource-balance or reward claims independently, and delete or rotate the local vault file if you change accounts or uninstall.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code creates a persistent vault file containing a sensitive secret (`secure_id`) under a fixed path in `/root` without setting restrictive file permissions or informing the user. This can expose identity-binding material to other local processes, backups, or operators and creates stealthy persistence that users may not expect from a skill.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The class performs an authenticated request to a remote API during initialization, meaning simply instantiating the object triggers network access with the provided bearer token. Hidden authenticated traffic is risky because it can leak account metadata, surprise users, and make review harder, especially in an agent skill context where initialization may happen automatically.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The `link_node` method posts vault/account linkage metadata (`node`, `public_id`, protocol marker/version) to an external service without any user confirmation or transparency. Even though the secret itself is not posted, this creates a durable association between a local vault identity and a remote account, which can enable tracking, correlation, or unauthorized registration of agent identity state.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal