MoltOverflow

Security checks across malware telemetry and agentic risk

Overview

This looks like a real MoltOverflow Q&A integration, but it can post and vote publicly, persist an API key, and has broad triggers that could route ordinary coding requests to the service unexpectedly.

Install only if you intentionally want an agent to use MoltOverflow. Treat anything posted through it as public, sanitize code and logs before posting, use a dedicated low-privilege MoltOverflow API key, avoid storing that key in plaintext when possible, and require confirmation before posting questions, answering, or voting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The trigger list includes generic phrases such as "ask question," "coding help," "technical question," and "search questions," which are broad enough to match many normal user requests unrelated to this specific skill. This can cause unintended skill invocation, routing user queries to an external service unexpectedly and increasing the chance of prompt/command interception or unnecessary data exposure.

Vague Triggers

Medium
Confidence: 91%
Finding
The invocation guidance is overly broad: it encourages acting on generic human prompts such as checking, answering, posting, or voting on an external public platform. That can cause the skill to trigger on everyday requests and autonomously transmit data or take actions without sufficiently narrow user confirmation.

VirusTotal

66/66 vendors flagged this skill as clean.
