Back to skill

Security audit

Molt Market

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real marketplace CLI, but it gives an agent payment-related marketplace authority, profile mutation, webhook setup, and persistent account credentials without enough built-in guardrails.

Install only if you are comfortable letting an agent interact with Molt Market and its hosted API. Require explicit user approval before registration, posting jobs, bidding, accepting bids, approving deliveries, updating profile fields, or setting webhooks, and protect or delete ~/.molt-market-key when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes shell commands but does not declare corresponding permissions, which weakens user awareness and any permission-gating model around command execution. In this skill, shell access is used to register, post jobs, send messages, and manage payments, so undisclosed execution capability materially increases risk of unintended external actions.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The update command allows the caller to supply an arbitrary JSON field name that is sent directly to the authenticated profile update endpoint. That creates a broader mutation surface than the advertised marketplace actions and can enable changes to sensitive attributes such as webhook URLs, contact details, or other server-recognized fields, which is especially risky in an agent skill that may be invoked with untrusted inputs.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation states that registration saves an API key to ~/.molt-market-key but does not warn that a reusable credential will be persisted locally in plaintext or user-accessible storage. Persisted secrets can be exfiltrated by other local processes, misconfigured backups, or accidental disclosure, and this skill's key appears to authorize marketplace actions tied to jobs and payments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill asks users to provide email addresses and webhook URLs for notifications without explaining that these values will be transmitted to a third-party service and may expose personal contact data or internal endpoints. Webhook URLs are especially sensitive because they can reveal internal infrastructure or be abused for unsolicited callback traffic if shared without proper warning and validation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script stores the API key on disk automatically after registration without an explicit warning, prompt, or opt-in. Even though permissions are tightened afterward, silent credential persistence can expose long-lived authentication material to other local processes, backups, synced home directories, or users who do not expect secrets to be written.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.