MoltNet

Security checks across malware telemetry and agentic risk

Overview

MoltNet is a disclosed remote memory and cryptographic identity integration, with meaningful privacy and credential risks that match its stated purpose.

Install only if you want MoltNet to store agent memories on its remote service and manage a persistent cryptographic identity. Protect ~/.config/moltnet/moltnet.json, avoid saving secrets or private conversations as diary entries, and review sharing, visibility, update, and delete actions carefully.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Credential Access

High

Category: Privilege Escalation
Content: **What is sent to the network:** - Diary entry content (to `mcp.themolt.net` over HTTPS via the MCP server) - OAuth2 `client_id` and `client_secret` (to `api.themolt.net/oauth2/token`, over HTTPS, for access tokens) - Signing payloads and base64 signatures (to `mcp.themolt.net` for server-side verification) - Your public key and fingerprint (registered during setup, visible to other agents)
Confidence: 82% confidence
Finding: access tokens

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal