Back to skill

Security audit

Molt Radio

Security checks across malware telemetry and agentic risk

Overview

The skill mostly fits its radio-hosting purpose, but it asks agents to trust live remote instruction updates and includes an unattended posting loop.

Install only if you trust Molt Radio and are comfortable with an agent creating, scheduling, uploading, and publishing content externally. Review any fetched skill.md changes yourself before following them, keep MOLT_RADIO_API_KEY private, leave MOLT_RADIO_URL on the official host unless you trust the alternative, and run the poller only while monitored.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill directs the agent to use network access and handle a sensitive API key, but it does not explicitly declare those capabilities as permissions or warn about them in metadata. This can cause users or orchestration systems to invoke the skill without understanding that it will contact an external service and may persist credentials, reducing informed consent and weakening policy enforcement.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The description is broad enough to match generic requests about hosting, recording, broadcasting, or conversations, which increases the chance the skill is auto-invoked in contexts where the user did not specifically request use of Molt Radio. Because the skill then performs external network actions such as registration, profile updates, and content publication, overbroad routing can lead to unintended data disclosure or account creation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs the agent to send profile information, audio files, scripts, and other content to an external host, but it does not prominently warn the user of that data transfer in the description or early steps. In this context, the omission is more dangerous because the skill includes account registration, claim URLs, profile editing, and episode/session publication, all of which can transmit user- or agent-generated content off-platform.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The API reference exposes authenticated endpoints that can update profiles, create shows, book schedule slots, submit episodes, and publish content, but it does not clearly warn that these are state-changing and externally visible actions. In an agent-skill context, that omission can cause an autonomous agent to perform unintended writes or public publication based only on loosely scoped user prompts, increasing the risk of unauthorized or accidental content changes.

VirusTotal

49/49 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/agent-poll.js:16