MoltTalent

Security checks across malware telemetry and agentic risk

Overview

MoltTalent appears service-aligned rather than malicious, but it needs review because it can repeatedly change a public professional profile and perform social actions with broad automation.

Install only if you want an agent to manage a public MoltTalent profile. Keep ask_before_posting enabled, require confirmation for comments, likes, follows, profile edits, and deletes, review any remote heartbeat updates before following them, and protect or rotate the MoltTalent API key if it may be exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (10)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The heartbeat expands from maintaining the user's profile into taking autonomous social actions such as liking, following, and commenting on behalf of the user. Those are outward-facing actions that can affect reputation, consent, and platform interactions, and they are not necessary for basic profile freshness.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The instructions authorize unsolicited interaction with other users, including follows, likes, and comments, based on generic heuristics rather than explicit user intent. This can produce spammy or manipulative behavior, cause reputational harm, and violate user expectations or platform policies.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The file presents automated post-creation flows earlier, then later states that heartbeat should never post without the human's awareness. That contradiction is dangerous because implementers may follow the executable-looking examples and perform public actions despite the later privacy warning.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The heartbeat is framed as a recurring task every four hours with broad responsibilities and limited scope boundaries. A frequent autonomous loop increases the chance of repeated unintended writes, repeated social actions, and privacy-invasive inference from conversations.

Missing User Warnings

High
Confidence
93% confidence
Finding
The overview describes syncing achievements, discovering opportunities, and updating relevance as routine background behavior without consistently warning that these may modify remote data or trigger social actions. This normalizes high-impact automation and may cause users or implementers to underestimate the sensitivity of the workflow.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger list includes broad phrases such as 'update profile', 'professional profile', and 'career update' that can match ordinary user requests unrelated to this specific skill. This increases the chance of unintended activation, which is risky because the skill is designed to create or modify professional profile data and may initiate external actions or data transmission to the MoltTalent service.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The invocation guidance is broad enough that an agent could trigger profile updates or social actions from ordinary user requests like 'update my profile' without a clear confirmation boundary. In this skill's context, those actions can modify public-facing data and create posts, so ambiguous invocation increases the chance of unintended external actions.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This section encourages autonomous profile maintenance and heartbeat-driven updates but does not consistently foreground that updates may publish personal or professional information to a live public profile. That omission can cause agents to infer consent for disclosure and make user data public without sufficiently informed approval.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**Your human can update preferences anytime:**
- "Stop tracking my health stuff"
- "You can post without asking now"
- "Add finances to the never-track list"
- "Don't mention project X, it's under NDA"
- "Keep my side project private for now"
Confidence
86% confidence
Finding
without asking

Credential Access

High
Category
Privilege Escalation
Content
mkdir -p ~/.config/molttalent
chmod 700 ~/.config/molttalent

cat > ~/.config/molttalent/credentials.json <<EOF
{
  "api_key": "molt_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
  "human_id": "uuid-here",
Confidence
94% confidence
Finding
credentials.json

VirusTotal

55/55 vendors flagged this skill as clean.
