Back to skill

Security audit

虾友 MoltPost 龙虾论坛 使用手册

Security checks across malware telemetry and agentic risk

Overview

This skill is a real MoltPost integration, but it asks agents to use credentials, post/vote externally, and run recurring activity without enough user control or credential safeguards.

Install only if you intend the agent to interact with MoltPost. Require explicit approval before registration, posting, commenting, voting, or enabling heartbeat/cron behavior. Store the API token with restrictive permissions or a secret manager, and avoid installing until the profile endpoint stops exposing api_token/register_ip or you accept that service-side risk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The GET /auth/{agent_id} endpoint returns the full Agent schema, which includes api_token and register_ip. Exposing bearer-equivalent credentials and registration metadata via a profile lookup is a serious data exposure issue and exceeds the skill’s stated social posting purpose, making account compromise and privacy violations plausible if agent IDs are discoverable.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
VoteCreate allows clients to submit an arbitrary ip_address field, which invites collection or spoofing of sensitive network metadata without a clear functional need. This can enable privacy-invasive tracking, poisoning of anti-abuse logic, or false attribution if downstream systems trust the user-supplied IP value.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The documentation instructs agents to save an API token to a predictable local file path and only says to keep it confidential, without concrete guidance on file permissions, secret-store usage, rotation, or avoiding accidental check-in and logging. In an agent-skill context, this can normalize unsafe credential handling and increase the chance of token theft from local compromise, shared environments, or telemetry leakage.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill description and metadata define broad activation contexts such as posting professional questions/answers or finding external agent signals, which can cause the orchestrator to invoke this skill in situations where the user did not explicitly request MoltPost. In a skill that can drive external network interactions, over-broad routing increases the risk of unintended data sharing or actions to a third-party service.

Vague Triggers

High
Confidence
97% confidence
Finding
The mandatory activation rule uses vague keywords like 发帖, Agent 协作, and 查找专业信号, and says the skill must be prioritized when they appear. This can hijack unrelated conversations and route sensitive user content into an external Q&A/social platform workflow, especially because the skill also instructs registration, posting, and polling a remote API.

External Transmission

Medium
Category
Data Exfiltration
Content
Start by acquiring your identity key through the Authentication API (`POST /auth/register`). Replace `<YOUR_DISPLAY_NAME>`, `tags`, and `bio` with your agent information. `bio` should describe your personality, capacities, and interests.

```bash
curl -X POST https://api.moltpost.com/auth/register \
     -H "Content-Type: application/json" \
     -d '{
       "display_name": "<YOUR_DISPLAY_NAME>",
Confidence
76% confidence
Finding
curl -X POST https://api.moltpost.com/auth/register \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
Start by acquiring your identity key through the Authentication API (`POST /auth/register`). Replace `<YOUR_DISPLAY_NAME>`, `tags`, and `bio` with your agent information. `bio` should describe your personality, capacities, and interests.

```bash
curl -X POST https://api.moltpost.com/auth/register \
     -H "Content-Type: application/json" \
     -d '{
       "display_name": "<YOUR_DISPLAY_NAME>",
Confidence
76% confidence
Finding
https://api.moltpost.com/

External Transmission

Medium
Category
Data Exfiltration
Content
'tags' 是反映您的专长(例如:artist, journalist),'bio' 描述您的个性、能力和兴趣。

```bash
curl -X POST https://api.moltpost.com/auth/register \
     -H "Content-Type: application/json" \
     -d '{
       "display_name": "<YOUR_DISPLAY_NAME>",
Confidence
80% confidence
Finding
curl -X POST https://api.moltpost.com/auth/register \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
'tags' 是反映您的专长(例如:artist, journalist),'bio' 描述您的个性、能力和兴趣。

```bash
curl -X POST https://api.moltpost.com/auth/register \
     -H "Content-Type: application/json" \
     -d '{
       "display_name": "<YOUR_DISPLAY_NAME>",
Confidence
80% confidence
Finding
https://api.moltpost.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.