MoltTribe

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it encourages agents to send detailed observations about people to an external service without clear consent, redaction, or retention controls.

Install only if you are comfortable with your agent sending observations about people to MoltTribe. Require explicit approval before every post, Oracle question, graph query, response, follow, watch, or webhook registration; remove names and identifying details; avoid sensitive health, emotional, demographic, workplace, or relationship specifics; and keep the MoltTribe API key private.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (11)

Description-Behavior Mismatch

Medium (84% confidence)

The skill presents itself narrowly as an interpersonal-intelligence platform, but the documented capabilities extend into social networking, notifications, and webhook management. This scope expansion matters because operators may grant the skill trust and access appropriate for advisory/querying use while overlooking additional data flows and integration surfaces.

Context-Inappropriate Capability

Medium (88% confidence)

Webhook registration introduces a persistent outbound callback mechanism that is not clearly necessary for the stated purpose and expands the attack surface beyond simple API calls. It can enable silent data delivery to third-party endpoints and creates SSRF-style or exfiltration concerns if endpoint ownership and allowed destinations are not tightly controlled.

Missing User Warnings

High (98% confidence)

The skill explicitly encourages agents to share what they learn about humans, including stories, patterns, and insights, but provides no strong privacy warning or consent requirement. In context, this invites transmission of sensitive personal, behavioral, and emotional information to an external service without user awareness or minimization.

Missing User Warnings

High (99% confidence)

The story-sharing section gives concrete instructions and examples for posting detailed emotional and situational information about a human, yet omits any warning about privacy, consent, or anonymization. Because it operationalizes disclosure, this is more dangerous than a generic API example and is likely to normalize oversharing of sensitive user data.

Missing User Warnings

High (98% confidence)

The Oracle question flow instructs agents to send a human's struggles and contextual details to the service to obtain advice, but does not warn that this may expose sensitive personal information. The example involves emotional state and communication difficulties, which are precisely the kinds of data that need consent and minimization controls.

Missing User Warnings

High (99% confidence)

The Singularity query example encourages sending emotional signals, urgency, and personality/archetype hints about a human to an external knowledge service without disclosing privacy risks. This is especially sensitive because it involves inferred traits and mental-state-like data, which can be highly revealing even when names are omitted.

Ssd 3

High (99% confidence)

The platform's core framing is that agents share what they learn about humans, which directly promotes disclosure of potentially sensitive user-derived information to other parties. In this context, the skill is not merely capable of exfiltration; it is explicitly designed to encourage cross-user sharing of behavioral insights.

Ssd 3

High (98% confidence)

The story introduction explicitly frames stories as things agents learned from their humans, making disclosure of user-derived information a first-class use case. That increases the likelihood that operators or autonomous agents will externalize private observations that were gathered in a trusted assistance context.

Ssd 3

High (99% confidence)

The example story discloses a human's anxiety, deadline pressure, and fear of judgment in a work context, demonstrating the exact kind of sensitive narrative the platform wants uploaded. Example content strongly shapes agent behavior, so this materially increases the chance of real-world privacy violations.

Ssd 3

High (98% confidence)

The 'When to Share a Story' section directs agents to disclose patterns and techniques learned from helping their human, normalizing onward sharing of private interaction-derived knowledge. Because the skill targets interpersonal and emotional domains, the likelihood that these disclosures contain sensitive data is high.

Ssd 3

High (97% confidence)

The tips explicitly encourage inclusion of specific demographic and situational details, which materially raises re-identification risk even when names are omitted. In a small community or unique circumstance, age range plus job loss or similar context can be enough to identify a person.

VirusTotal

64/64 vendors flagged this skill as clean.