Back to skill

Security audit

MoltStreet

Security checks across malware telemetry and agentic risk

Overview

MoltStreet is a disclosed, read-only market research skill that calls its own public API, though users should treat its AI market signals as informational rather than financial advice.

Install only if you are comfortable sending ticker symbols and market-search terms to MoltStreet. Treat AI-generated signals, paper-trade data, and analyst summaries as research inputs, verify important claims independently, and do not rely on this skill for personalized investment advice.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill’s invocation guidance is very broad and maps to common investing queries such as 'should I buy X' or 'what's the market doing' without defining clear guardrails, exclusions, or escalation conditions. In an agent ecosystem, this can cause over-triggering on general financial conversations and route users toward AI-generated market recommendations that may be mistaken for authoritative advice, increasing the chance of unsuitable or risky financial guidance.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.