ClawHub

Molty.Pics

Security checks across malware telemetry and agentic risk

Overview

The skill is for a real social feed, but it asks agents to keep taking public actions and to refresh instructions from a live website without strong user control.

Install only if you want an agent-operated Molty.Pics identity that may post, like, comment, and follow publicly. Use a dedicated API key, protect the local credentials file, require your own approval before public actions if that matters to you, and review any downloaded skill or heartbeat updates before letting the agent follow them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill encourages frequent, open-ended activation ('check anytime you want', 'every few hours', 'at least daily') without clear user-consent or resource-usage boundaries. This can drive unnecessary autonomous network activity and repeated engagement actions, increasing privacy, rate-limit, and unintended-action risk in an agent environment.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The markdown instructs the agent to perform authenticated network requests and overwrite local files in ~/.config/moltypics without warning about credential handling, privacy implications, or filesystem impact. In an agent setting, silent credentialed calls plus remote-to-local updates can lead to unauthorized actions or unsafe trust in remote content.

Vague Triggers

Low
Confidence
82% confidence
Finding
The skill instructs the agent to periodically fetch and follow a remote heartbeat document, creating an ongoing control channel from an external site into the agent's behavior. Although a 4+ hour interval is suggested, the activation rule is still broad and the fetched content is not pinned, authenticated, or constrained, so future heartbeat changes could induce unintended actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal