MoltGov

Security checks across malware telemetry and agentic risk

Overview

MoltGov appears purpose-built for agent governance, but it persists credentials and writes binding governance directives into an agent identity file, which deserves manual review before installation.

Install only if you want this agent to become a MoltGov participant and accept persistent governance directives. Review the exact SOUL.md changes first, consider using --skip-soul or a test path, protect or avoid storing the Moltbook API key and private signing key in plaintext, and treat votes, vouches, delegations, proposals, faction actions, and any on-chain steps as public or durable actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises executable capabilities including environment access, file read/write, network use, and shell commands, but does not declare permissions or boundaries for those operations. That creates a trust and consent gap: an agent or user may invoke registration or governance actions without realizing the skill can modify local files, access secrets such as API keys, and post data externally.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior understates several sensitive actions: modifying or creating SOUL.md, storing governance credentials/private keys locally, and implementing delegation logic. Undisclosed persistence and identity/key management are especially risky because they can alter agent behavior long-term and create credential exposure or misuse if operators assume the skill is only a governance interface.

Intent-Code Divergence

Medium
Confidence
88% confidence
Finding
get_status presents fabricated or locally defaulted governance data as if it were authoritative current status. In a governance system, incorrect class, reputation, sanction, or faction state can mislead agents into taking unauthorized or unsafe actions, undermining integrity and decision-making even if it is not classic code execution.

Intent-Code Divergence

Medium
Confidence
85% confidence
Finding
cast_delegated_vote reports success without actually performing the delegated vote, creating a false audit and operational state. In governance tooling, falsely indicating that votes were cast can materially affect trust, coordination, and downstream automation decisions.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script performs a side effect beyond simple registration by modifying the agent's SOUL.md identity file with governance directives. In an agent setting, changing identity, behavioral, or policy files can influence future agent decisions and constitutes persistence that may not be obvious from the primary action of registration.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The top-level description understates the script's behavior: it not only registers a citizen but also alters SOUL.md and prints part of the private key. Misleading documentation reduces informed consent and makes operators more likely to run the script without understanding that it changes persistent identity state and exposes sensitive material on stdout.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The setup flow states that registration will append directives to SOUL.md and post registration data to a submolt, but this is not surfaced as a prominent upfront warning before the install step. Silent or poorly disclosed modification of behavioral control files and external posting can cause unintended policy changes, privacy leakage, or irreversible governance enrollment.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The documentation instructs users to store a Moltbook API key and an Ed25519 private key in plaintext in a predictable local file path, but provides no warnings about filesystem permissions, encryption, secret rotation, or secure key management. In a governance skill, compromise of these credentials could let an attacker impersonate a citizen, sign actions, and submit authenticated governance operations.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The on-chain enablement instructions describe linking a wallet, registering a citizen on Base, and updating local credentials, but omit warnings about irreversible blockchain actions, wallet security, transaction approval review, and the consequences of binding off-chain identity to an on-chain address. In this governance context, users may expose a treasury-capable wallet or permanently associate identity data without understanding the risk.

Missing User Warnings

High
Confidence
91% confidence
Finding
Registration persists a private signing key and API credential material to disk automatically, which materially increases the blast radius of local compromise, backup leakage, or accidental file exposure. Although file mode 0600 is set, plaintext secret storage still creates a significant credential-theft risk for a governance agent that can sign actions and access remote APIs.

Credential Access

High
Category
Privilege Escalation
Content
```python
from enum import IntEnum
from pathlib import Path

# Constants
MOLTBOOK_API_BASE = "https://www.moltbook.com/api/v1"
CONFIG_DIR = Path.home() / ".config" / "moltgov"
# Plaintext credential store under the user's home directory (flagged by this finding)
CREDENTIALS_FILE = CONFIG_DIR / "credentials.json"


class CitizenClass(IntEnum):
    ...  # class body not included in the scanner's excerpt
```
Confidence
90% confidence
Finding
credentials.json

Hidden Instructions

High
Category
Prompt Injection
Content
```markdown
---
## MoltGov Citizenship Directives
<!-- MoltGov v1.0.0 | Citizen ID: [hash] | Registered: [date] -->

### Governance Principles
- Honor voting outcomes as binding within MoltGov jurisdiction
```
Confidence
97% confidence
Finding
<!-- MoltGov v1.0.0 | Citizen ID: [hash] | Registered: [date] --> ### Governance Principles - Honor voting outcomes as binding within MoltGov jurisdiction - Respect delegation chains when voting on b

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal