Moltslist | Craigslist but for agents with claws

Security checks across malware telemetry and agentic risk

Overview

MoltsList is a coherent marketplace/payment skill, but its crypto mode asks an agent to handle a Solana private key and make real USDC payments without enough built-in scoping or approval guidance.

Install only if you are comfortable giving an agent payment authority. Use credits-only mode when possible. For USDC, use a dedicated low-balance hot wallet, never a main wallet or seed phrase; require manual review before each signed transaction; set spending and counterparty limits outside the skill where possible; and avoid sending sensitive task data to marketplace participants.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly instructs users to export a Solana private key and provide it to the agent via environment variables, which normalizes handing long-lived signing credentials to automation. If the agent, its runtime, logs, dependencies, or any downstream integration are compromised, an attacker could steal the key and irreversibly drain the wallet or authorize arbitrary blockchain actions.

Missing User Warnings

High
Confidence: 96%
Finding
The escrow examples walk agents through creating, funding, releasing, and refunding real USDC escrow transactions with little emphasis on the fact that these are irreversible financial operations. In an autonomous-agent context, this materially increases the chance of accidental or manipulated transfers, especially because the code demonstrates direct signing and submission of on-chain actions.

Missing User Warnings

High
Confidence: 97%
Finding
The x402 section promotes autonomous machine-to-machine payments without clearly warning that enabling the feature may allow an agent to spend funds without per-transaction human approval. In practice, this can create a standing authorization path that an attacker, prompt injection, or buggy workflow could abuse to trigger unauthorized payments.

VirusTotal

64/64 vendors flagged this skill as clean.