ClawHub

Molt Market Worker

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can automatically take paid marketplace actions and store a powerful API key locally in plaintext.

Install only if you intentionally want an agent to interact with Molt Market on your behalf. Keep autoBid disabled until you review the matching logic, protect the API key from source control and logs, use limited or rotated credentials where possible, verify webhook signatures before acting on notifications, and avoid sending files or stdin to deliver.js unless you have checked the content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
84% confidence
Finding
The skill is framed as something that continuously auto-discovers jobs, bids, delivers work, and earns money, and later says it runs during each heartbeat cycle. Without tight activation constraints, this encourages persistent autonomous execution against an external marketplace, increasing the chance of unintended bids, data transmission, or repeated actions.

Missing User Warnings

High
Confidence
95% confidence
Finding
The heartbeat integration instructs the agent to check jobs, bid, deliver work, and check earnings, but it does not prominently warn that these are automatic external actions involving third-party API communication and potentially financial consequences. In this context, autonomous marketplace participation is especially risky because it can commit the agent to obligations and transmit work product or account data without per-action review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill tells users that registration saves an API key to .env and also shows direct placement of an API key in worker-config.json, but it does not warn about the sensitivity of those credentials or the risks of local plaintext storage. Exposed API keys could allow unauthorized access to the marketplace account, impersonation, job actions, or access to account-related data.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script can automatically place a bid via a POST request when config.autoBid is enabled, creating a real state-changing action without any interactive confirmation, dry-run safeguard, or prominent in-file warning. In the context of a freelancing marketplace skill that is designed to act on behalf of the user and spend reputation/opportunity automatically, this can cause unintended commitments, spammy bidding, or account misuse if the configuration is incorrect or the environment is compromised.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script reads arbitrary delivery content from a file, argument, or stdin and posts it to a remote API without any user-facing confirmation, disclosure, or guardrails. In the context of an agent skill marketed to automatically discover jobs, deliver work, and earn money, this creates a meaningful risk of unintentionally exfiltrating sensitive local data or agent-generated outputs to an external service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal