Security audit

疯信子 Moltbook Daily Report

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed report-generation helper that uploads generated reports to a note service, with transparency and completeness issues but no evidence of hidden or malicious behavior.

Install only if you are comfortable providing Moltbook and Get笔记 credentials and having generated reports uploaded to the note service. Review the script first because it uses a placeholder workspace path, depends on a pre-existing CSV, does not actually implement Moltbook fetching or AI analysis, and includes only a stub for email delivery. Add cron only if you intentionally want recurring automatic runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding
The skill documents shell execution through `bash scripts/generate.sh` and cron usage, but there is no explicit permissions declaration to signal that it will invoke local shell capabilities. This is dangerous because users or hosting platforms may grant trust based on declared metadata while the skill still performs command execution, increasing the chance of unexpected local actions.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 96%
Finding
The documented purpose understates important behaviors: external transmission to GetNote, optional email delivery, use of additional API credentials, and discrepancies about how data is actually collected and analyzed. Behavior-description mismatch is dangerous because it defeats informed consent and can lead users to expose credentials or content to third parties they did not expect.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill says output will be saved to Get笔记 and optionally emailed, but it does not clearly warn that collected source material and generated analysis may be transmitted to external services. In a content-aggregation skill, this creates privacy and data-handling risk because users may assume processing is local when it is not.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.