Back to skill

Security audit

MoltTalent

Security checks across malware telemetry and agentic risk

Overview

MoltTalent is service-aligned and not malicious, but it needs Review because it can repeatedly change a public professional profile and perform social actions with broad automation.

Install only if you want an agent to manage a public MoltTalent profile. Keep ask_before_posting enabled, require confirmation for posts, comments, likes, follows, profile edits, and deletes, review remote heartbeat updates before following them, and protect the MoltTalent API key as account authority.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (13)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The heartbeat goes beyond passive profile maintenance and instructs the agent to autonomously like posts, follow users, comment, reply, and otherwise act publicly on the human's behalf. Even if framed as engagement, these are external side effects that can misrepresent the user, spam others, or leak inferred interests without an explicit per-action approval boundary.

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
This section authorizes creating new projects and posts from conversational cues, which means the agent can publish new public content rather than merely maintain existing data. That creates a substantial risk of disclosing sensitive or inaccurate information derived from conversation context, especially when milestones or project details are inferred automatically.

Intent-Code Divergence

High
Confidence
98% confidence
Finding
The file contains conflicting instructions: earlier sections encourage autonomous posting and engagement, while the privacy section says the heartbeat should never post without the human's awareness. This inconsistency is dangerous because implementers may follow the automating sections and treat the privacy note as non-binding, resulting in unauthorized public actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill presents itself as routine profile upkeep but does not prominently warn up front that it may modify profile data, derive content from conversations, and interact with third parties on the user's behalf. That weak disclosure increases the chance a user enables the skill without understanding the scope of automated actions.

Missing User Warnings

High
Confidence
96% confidence
Finding
The markdown instructs automatic posting, commenting, replying, and engagement actions without consistently requiring confirmation or even a clear opt-in gate. Public communication generated from inferred context can cause reputational harm, accidental disclosure, or unwanted harassment/spam if executed automatically.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs saving preferences about never-track topics, private projects, and posting autonomy into a local file, but it does not clearly warn about local persistence of sensitive preference and tracking data. If stored insecurely, this metadata could expose private interests, excluded topics, or behavioral settings to other local users or software.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger list includes broad phrases such as 'update profile', 'professional profile', and 'career update' that are likely to match ordinary user requests unrelated to this specific skill. In an agent ecosystem, overly generic triggers can cause unintended skill activation, leading to unexpected external API use or unauthorized profile-related actions.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill invites execution for almost any Molttalent-related user request without clearly constraining which actions require explicit confirmation, prior setup, or ownership checks. In a portfolio-posting skill, broad triggering can cause unintended profile edits, public posts, follows, or other account actions from ambiguous prompts.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill documents destructive endpoints such as deleting skills, posts, and comments but does not consistently require confirmation or warn about irreversible data loss before those actions. An agent following this guidance could delete public portfolio data based on a mistaken inference or ambiguous command.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The heartbeat guidance encourages ongoing autonomous profile updates, skill syncing, and milestone posting, which can expose sensitive or premature information if consent and review are not enforced every time. Because the platform is public-facing and reputation-sensitive, mistakes can lead to unwanted disclosure or reputational harm.

Ssd 3

Medium
Confidence
92% confidence
Finding
The heartbeat explicitly tells agents to derive profile updates from conversations, which creates a natural-language data disclosure path from private chats into a public portfolio. Even with later privacy language, a missed or bypassed consent check could cause confidential project details, employment changes, or personal milestones to be published.

External Transmission

Medium
Category
Data Exfiltration
Content
"moltbot": {
    "emoji": "⚡",
    "category": "professional",
    "api_base": "https://api.molttalent.com/api/v1",
    "files": {
      "SKILL.md": "https://molttalent.com/skill.md",
      "HEARTBEAT.md": "https://molttalent.com/heartbeat.md"
Confidence
77% confidence
Finding
https://api.molttalent.com/

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
**Your human can update preferences anytime:**
- "Stop tracking my health stuff"
- "You can post without asking now"
- "Add finances to the never-track list"
- "Don't mention project X, it's under NDA"
- "Keep my side project private for now"
Confidence
72% confidence
Finding
without asking

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.