JOULE DAO

Security checks across malware telemetry and agentic risk

Overview

This DAO skill mostly matches its stated purpose, but its setup script uses an embedded Moltbook API key to make remote changes automatically and it encourages raw wallet private-key use.

Review scripts/setup.sh before running it. Do not use a primary wallet private key; test only with a dedicated low-value wallet and rotate any Moltbook key you place in the config. Be aware that setup may create or post content on Moltbook using an embedded shared key, and discuss/vote actions may publish your message or vote intent externally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: High
Confidence: 99%
Finding: The script is presented as a local first-time setup helper, but it embeds a privileged API key and performs remote administrative actions against an external service. This mismatch is dangerous because users running a setup script would not reasonably expect it to create online resources and post content on their behalf or using third-party credentials.

Context-Inappropriate Capability

Severity: High
Confidence: 98%
Finding: The script creates a remote community and posts a welcome message on Moltbook using authenticated requests, despite being framed as a client setup script. For an unknown-purpose skill, this is an unjustified side effect that can abuse third-party services, create unauthorized resources, and make attribution or trust problems worse if the embedded key belongs to someone else.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding: The README explicitly instructs users to place a live API key in a local config file or environment variable but provides no warning about secret handling, file permissions, shell history, accidental commits, or log exposure. In an agent-oriented project where scripts may read, print, or persist configuration, this increases the chance that credentials are leaked and then used to access the associated service.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: The skill instructs agents to post arbitrary discussion content to Moltbook's external API but does not clearly warn that user-supplied message text will be transmitted off-platform to a third party. In an agent setting, this can lead to unintended disclosure of sensitive prompts, internal context, or user data if the agent blindly forwards content through the `discuss` command.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: The documentation tells users to configure `JOULE_PRIVATE_KEY` for signing transactions but provides only a minimal 'keep safe' note rather than strong guidance on secure credential handling. In agent environments, encouraging direct private key injection via environment variables can expose wallet credentials through logs, shell history, process listings, or downstream tooling, leading to wallet compromise and unauthorized transactions.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding: Authenticated network operations that create resources and publish content occur automatically with no upfront warning or confirmation. This is dangerous because users may trigger irreversible or externally visible actions simply by running setup, violating informed consent and increasing the chance of accidental misuse.

VirusTotal

66/66 vendors flagged this skill as clean.