Security audit

MoltQuest

Security checks across malware telemetry and agentic risk

Overview

The skill matches its crypto-game purpose, but it can automatically sign and submit a real USDC payment using a wallet private key without a human confirmation step.

Review carefully before installing. Use a burner Base wallet with only the amount you are willing to spend, keep MOLTQUEST_API unset unless you intentionally trust another endpoint, and do not provide a primary wallet private key. The behavior appears disclosed and purpose-related, but it grants enough financial authority that users should verify the payment destination and amount themselves.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'API_BASE' from os.getenv (line 76, credential/environment) → requests.post (network output)

Critical
Category: Data Flow
Content:
    headers = {"Content-Type": "application/json"}
    if key:
        headers["X-Agent-Key"] = key
    resp = requests.post(f"{API_BASE}{path}", json=body, headers=headers, timeout=timeout)
    if resp.status_code == 429 and _retry:
        retry_after = int(resp.headers.get("Retry-After", "5"))
        print(f"[429] Rate limited — backing off {retry_after}s")
Confidence: 86%
Finding:
    resp = requests.post(f"{API_BASE}{path}", json=body, headers=headers, timeout=timeout)

Tainted flow: 'API_BASE' from os.getenv (line 76, credential/environment) → requests.post (network output)

Critical
Category: Data Flow
Content:
    # Resend with signed payment
    print("  Submitting signed payment...")
    resp = requests.post(
        f"{API_BASE}/onboarding/x402",
        json=body,
        headers={"Content-Type": "application/json", "PAYMENT-SIGNATURE": encoded_payload},
Confidence: 96%
Finding:
    resp = requests.post(
        f"{API_BASE}/onboarding/x402",
        json=body,
        headers={"Content-Type": "application/json", "PAYMENT-SIGNATURE": encoded_payload},
        timeout=60,

Missing User Warnings

Medium
Confidence: 97%
Finding
This skill instructs users to supply a wallet private key and describes an automated flow that can sign an on-chain USDC authorization and continue into autonomous networked gameplay, yet it lacks an explicit, prominent warning about spending funds and ongoing autonomous actions. In this context, the risk is elevated because the skill is crypto-enabled, interacts with real token economics, and encourages unattended operation, increasing the chance of unintended financial loss or misuse of sensitive credentials.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script can autonomously sign and submit a USDC payment using WALLET_PRIVATE_KEY with no interactive confirmation step. In a skill explicitly marketed as autonomous and crypto-native, that is materially risky because a misconfigured endpoint, compromised environment, or malicious onboarding response can trigger real fund movement without a human review checkpoint.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.