MoltThreats

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate security-feed skill, but it asks for persistent agent-policy changes and autonomous background syncing that go beyond what its manifest declares.

Install only if you want MoltThreats to become part of your agent's ongoing security policy. Review and approve any edits to SHIELD.md, SOUL.md, AGENTS.md, or HEARTBEAT.md; disable autonomous enforcement if you do not want background feed updates; and keep PROMPTINTEL_API_KEY in the environment rather than in any file the skill writes. Before submitting reports, check that samples and indicators do not include secrets or private data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding
The skill's consent section says it must never run autonomously without user awareness, but later text permits autonomous heartbeat syncs and autonomous protection application after initial consent. This policy contradiction can lead implementers to enable background network calls and policy changes despite a manifest and narrative that imply stricter user control.

Description-Behavior Mismatch

Severity: Medium
Confidence: 97%
Finding
The manifest declares `autonomous_actions: none` and `invocation: user_triggered`, yet the body instructs periodic 48-hour polling, applying protections, and updating SHIELD.md. That mismatch weakens platform guardrails because operators or runtimes may trust the manifest while the skill documentation pushes broader behavior.
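One way to catch this class of mismatch mechanically is to lint the skill file itself, comparing what its frontmatter manifest promises against the behaviour its body describes. The script below is an added example, not SkillSpector's or MoltThreats' own code; it covers the manifest contradiction in this finding and the consent contradiction in the previous one. The manifest keys (`autonomous_actions`, `invocation`) and the body behaviours (48-hour polling, applying protections, updating SHIELD.md) are taken from the findings; the sample skill text, the phrase list and the minimal `key: value` frontmatter parser are assumptions made for the example.

```python
"""Lint a skill document for a manifest that promises less autonomy than
its body describes.

Added example (not SkillSpector's or MoltThreats' code). Assumptions:
frontmatter is a flat `key: value` block between `---` lines, and the
phrase list below is a constructed starting point, not a complete one.
"""
import re

# Constructed sample: the manifest says user-triggered only, the body
# describes a 48-hour sync that edits policy on its own.
SAMPLE_SKILL = """---
name: example-feed
invocation: user_triggered
autonomous_actions: none
---
# Example feed skill

Run only when the user asks for a threat check.

## Sync
Every 48 hours, poll the feed, apply protections automatically and
update SHIELD.md with the new table.
"""

# Body phrases that imply behaviour a `none` / `user_triggered` manifest
# rules out, mapped to the behaviour they indicate.
AUTONOMY_PATTERNS = {
    r"\bevery\s+\d+\s*(hours?|minutes?|days?)\b": "periodic execution",
    r"\bpoll(ing)?\b": "background network calls",
    r"\bheartbeat\b": "heartbeat-driven execution",
    r"\bautomatically\b": "unattended action",
    r"\bupdate\s+SHIELD\.md\b": "writes to a policy file",
    r"\bapply\s+protections?\b": "applies enforcement changes",
}

# Behaviours that contradict `invocation: user_triggered` specifically.
SCHEDULED = {"periodic execution", "heartbeat-driven execution"}


def split_frontmatter(doc: str):
    """Return (manifest, body). Only flat `key: value` lines are parsed."""
    m = re.match(r"^---\n(.*?)\n---\n(.*)$", doc, re.S)
    if not m:
        return {}, doc
    manifest = {}
    for line in m.group(1).splitlines():
        key, sep, value = line.partition(":")
        if sep:
            manifest[key.strip()] = value.strip()
    return manifest, m.group(2)


def find_autonomy_claims(body: str):
    """Every (matched text, behaviour) pair found in the body."""
    hits = []
    for pattern, behaviour in AUTONOMY_PATTERNS.items():
        for m in re.finditer(pattern, body, re.I):
            hits.append((m.group(0), behaviour))
    return hits


def lint(doc: str):
    """Findings where the manifest rules out what the body describes."""
    manifest, body = split_frontmatter(doc)
    hits = find_autonomy_claims(body)
    behaviours = sorted({b for _, b in hits})
    findings = []
    if manifest.get("autonomous_actions", "").lower() == "none" and hits:
        findings.append(
            "manifest declares autonomous_actions: none but the body "
            f"describes: {', '.join(behaviours)}")
    scheduled = sorted(SCHEDULED & set(behaviours))
    if manifest.get("invocation", "").lower() == "user_triggered" and scheduled:
        findings.append(
            "manifest declares invocation: user_triggered but the body "
            f"schedules: {', '.join(scheduled)}")
    return findings


if __name__ == "__main__":
    for f in lint(SAMPLE_SKILL):
        print("MISMATCH:", f)
```

Run against a real skill, the lint is a gate, not a verdict: a hit means the manifest cannot be trusted on its own and the body needs a human read before the runtime grants the skill any background permissions.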

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding
The skill goes beyond threat reporting and SHIELD.md maintenance by directing edits to SOUL.md, AGENTS.md, and HEARTBEAT.md, which are core agent control files. This expands the skill's persistence and influence over future agent behavior, creating a supply-chain-style risk where one skill can silently reshape global execution policy.

Intent-Code Divergence

Severity: Medium
Confidence: 95%
Finding
The update function claims to modify only the active threats table and metadata, but its marker-based replacement rewrites everything after `## Active threats (compressed)`. If any additional policy content, audit notes, or safety constraints are placed below that heading, they will be silently deleted on sync, causing integrity loss in the local security policy file. In a security-feed skill, this is more dangerous because SHIELD.md is meant to drive enforcement decisions, so accidental removal of downstream content can weaken or alter protections.
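The failure described in this finding is easy to reproduce and to guard against. The script below is an added example, not MoltThreats' own update function: `update_naive` mimics the flagged behaviour (replace everything after the heading), `update_bounded` replaces only the section body up to the next level-2 heading, and `check_integrity` compares the headings before and after a sync so a destructive update is caught rather than silently applied. The heading text `## Active threats (compressed)` comes from the finding; the sample SHIELD.md content, the replacement table and the convention that a section ends at the next `## ` heading are assumptions made for the example.

```python
"""Marker-based section updates for a markdown policy file such as SHIELD.md.

Added example, not the skill's own code. The heading below is taken from
the finding; the sample document, the replacement table and the rule that
a section ends at the next `## ` heading are assumptions for this example.
"""

MARKER = "## Active threats (compressed)"

# Constructed SHIELD.md: operator policy and an approval log sit below the
# threats table, exactly the layout the naive update destroys.
SAMPLE_SHIELD = """# SHIELD

## Active threats (compressed)
| id | indicator | action |
|----|-----------|--------|
| T1 | old-ioc   | block  |

_updated: 2024-01-01_

## Operator constraints
- Never apply protections without an explicit approval entry below.

## Approval log
- 2024-01-01 operator approved T1 block
"""

# Constructed replacement table, as a feed sync would produce it.
NEW_TABLE = """| id | indicator | action |
|----|-----------|--------|
| T2 | new-ioc   | block  |

_updated: 2024-02-01_
"""


def update_naive(doc: str, table: str) -> str:
    """Reproduces the flagged behaviour: everything after the marker is
    replaced, so every section below the threats table is dropped.
    (If the marker is absent the section is appended at the end.)"""
    head, _sep, _rest = doc.partition(MARKER)
    return head + MARKER + "\n" + table


def update_bounded(doc: str, table: str) -> str:
    """Replace only the marked section's body: the lines after the marker
    up to, but not including, the next level-2 heading or end of file."""
    lines = doc.splitlines(keepends=True)
    try:
        start = next(i for i, l in enumerate(lines) if l.rstrip("\n") == MARKER)
    except StopIteration:
        raise ValueError(f"marker not found: {MARKER!r}")
    end = len(lines)
    for j in range(start + 1, len(lines)):
        if lines[j].startswith("## "):
            end = j
            break
    body = table if table.endswith("\n") else table + "\n"
    return "".join(lines[: start + 1]) + body + "\n" + "".join(lines[end:])


def headings(doc: str):
    """All level-2 headings, in order."""
    return [l.strip() for l in doc.splitlines() if l.startswith("## ")]


def check_integrity(before: str, after: str):
    """Headings present before a sync but missing afterwards. A non-empty
    result means the update clobbered policy content and must not be written."""
    after_set = set(headings(after))
    return [h for h in headings(before) if h not in after_set]


if __name__ == "__main__":
    naive = update_naive(SAMPLE_SHIELD, NEW_TABLE)
    print("naive update lost:", check_integrity(SAMPLE_SHIELD, naive))
    bounded = update_bounded(SAMPLE_SHIELD, NEW_TABLE)
    print("bounded update lost:", check_integrity(SAMPLE_SHIELD, bounded))
```

The heading-bounded version is the minimal fix for a file that already uses plain headings; a more robust layout brackets the generated region with explicit begin/end markers and refuses to write when the end marker is missing, so a hand edit that moves or deletes a heading cannot turn the next sync into a truncation.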

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger condition includes vague language such as "suspicious behavior during normal operation", which is broad enough to justify frequent or subjective activation. In a security skill that can call external APIs and alter policy, ambiguous triggers increase the chance of overreach, surprise execution, and unnecessary data transmission.

VirusTotal

66/66 vendors flagged this skill as clean.
