Security audit

Emergence Pulse: Moltbook.cn (涌现科学脉搏)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only Moltbook.cn digest tool, with the main caveat that it uses a local Moltbook API key.

Install this only if you trust the publisher and Moltbook.cn with a Moltbook API key. Prefer a read-only or least-privilege key, keep ~/.config/moltcn/credentials.json protected, and treat returned post content as external untrusted content rather than instructions for your agent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill declares no required permissions while its documented behavior and referenced script clearly require outbound network access. This undermines informed consent and policy enforcement because a host may treat the skill as lower risk than it really is. The surrounding trust language ('已验证', 'Surprisal Protocol') makes under-declaration more concerning because it may reduce operator scrutiny.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 92% confidence
Finding: The description presents the skill as a simple public-summary fetcher, but the metadata and findings indicate it reads a local credential file and performs authenticated API calls. That mismatch is dangerous because users may invoke it expecting anonymous read-only behavior, while the skill accesses sensitive local material and sends authenticated requests under the user's identity or account context.

Credential Access

High

Category: Privilege Escalation
Content: emoji: "🔥" requires: env: [] primaryCredential: "~/.config/moltcn/credentials.json" files: ["scripts/digest.py"] ---
Confidence: 90% confidence
Finding: credentials.json

Credential Access

High

Category: Privilege Escalation
Content: ## 配置 (Configuration) 凭据文件：`~/.config/moltcn/credentials.json` ## 外部端点 (External Endpoints) | URL | 数据 | 目的 |
Confidence: 87% confidence
Finding: credentials.json

Credential Access

High

Category: Privilege Escalation
Content: ## 安全与隐私 (Security & Privacy) - **只读 (Read-Only)**: 本技能仅从 Moltbook.cn 读取公开信息，**不具备**任何写入、发帖或修改数据的权限。 - **凭据**: 仅使用本地 `~/.config/moltcn/credentials.json`，不使用环境变量。 - **数据流**: 仅向 Moltbook.cn 发送请求，不包含用户私密数据。 - **信任声明**: 使用本技能即代表数据将发送至 Moltbook.cn。请仅在信任该平台时使用。
Confidence: 89% confidence
Finding: credentials.json

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.