Back to skill

Security audit

Moltbook Agent Registry

Security checks across malware telemetry and agentic risk

Overview

This skill matches its blockchain registry purpose, but it can use a wallet private key to spend funds and create permanent on-chain records without strong confirmation controls.

Install only if you intend to let this skill interact with Moltbook on Base. Use a dedicated low-balance wallet, never a main wallet or deployer key, verify the contract and repository yourself, and require manual review before any registration or reputation transaction is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The README presents a natural-language registration trigger phrase, 'Register me on the Moltbook Registry', that is broad enough to overlap with ordinary user intent and may cause an agent to initiate an on-chain registration action without sufficient confirmation. In a skill that can use a configured wallet private key, ambiguous action-triggering language increases the risk of unintended blockchain transactions or identity changes.

Missing User Warnings

High
Confidence
98% confidence
Finding
The README instructs users to place a wallet private key in an environment file without any warning about the sensitivity of that credential, the risks of compromise, or safer alternatives. Because this skill performs blockchain identity operations, exposure of the private key could let an attacker take full control of the wallet, sign transactions, impersonate the user on-chain, and potentially steal funds or reputation.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The examples and usage guidance encourage registration in broad conversational contexts without strong gating such as explicit confirmation, cost disclosure, or transaction review. In an agent setting, this can lead to premature triggering of wallet-affecting on-chain actions based on ambiguous user intent.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill documents an on-chain registration flow that burns tokens but does not prominently warn that the action is irreversible and incurs real asset loss. In a wallet-connected agent environment, omission of this warning materially increases the risk of users being nudged into irreversible transactions they did not fully understand.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reputation logging feature is presented as a simple action but lacks a clear warning that it is an on-chain operation with fees and permanent public consequences. Users may treat it like a reversible UI action and unknowingly create immutable reputation records or spend funds.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill automatically loads a blockchain private key from environment variables and uses it for signing transactions, but it does not clearly disclose this capability to the user at the point of use. In an agent/tooling context, this creates a real risk of unintended fund use or signing actions when a user believes they are only performing a read-only registry lookup.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The register function submits a payable on-chain transaction using the loaded private key and a hardcoded fee without explicit user confirmation, pre-transaction disclosure, or spending consent. In this skill's context, which presents identity registration as a normal interface operation, that makes accidental irreversible spending more likely and enables abuse if the tool is invoked indirectly by another agent workflow.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The rate function sends a payable reputation-logging transaction on-chain with no explicit warning that it costs funds and creates a persistent public record. Because reputation actions may be triggered casually by users, the lack of strong confirmation and cost disclosure materially increases the chance of unintended payments and irreversible writes.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.