Back to skill

Security audit

molt-md

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate cloud markdown collaboration skill, but it needs review because it encourages agents to keep powerful document keys in ordinary memory or config and has inconsistent key-handling examples.

Install only if you are comfortable with agents using an external cloud markdown service. Require explicit approval before uploading sensitive content, prefer read keys for sharing, keep write and workspace keys out of logs, prompts, plaintext config, and general memory, and require confirmation before overwrite or delete operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The API reference says document creation returns a single `key` field, while earlier sections document a dual-key model with `write_key` and `read_key`. This inconsistency can cause agents to parse responses incorrectly, mishandle privileges, or accidentally treat write access as the only access mode, undermining the intended security model.

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The example workflow extracts `.key` from the creation response even though the skill elsewhere says creation returns `write_key` and `read_key`. Agents that follow this example will fail operationally or may fall back to insecure workarounds, such as reusing broader credentials or exposing keys while debugging.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs agents to store document credentials in config or memory for reuse without constraining storage to a secure secrets facility. Because these keys directly grant document access, normal memory, logs, or config stores could expose sensitive content to other tools, users, or future sessions.

Ssd 3

Medium
Confidence
97% confidence
Finding
The instruction to persist document credentials for later reuse encourages long-term retention of bearer secrets. Persistent storage of write/read keys expands the attack surface and increases the chance of compromise through memory leakage, prompt disclosure, backups, or misconfigured local files.

Ssd 3

Medium
Confidence
97% confidence
Finding
This guidance explicitly says to persist returned IDs and keys using whatever credential storage is available, including memory. That normalizes insecure secret handling and can lead agents to place high-value encryption keys into contexts not designed for confidential material.

Ssd 3

Medium
Confidence
97% confidence
Finding
The best-practices section tells agents to always persist document/workspace IDs and keys in memory or similar stores. Since possession of the key grants access, this creates a durable secret-retention pattern that is risky in agent ecosystems where memory and state may be inspectable or reused.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.