Security audit

疯信子Moltbook日报

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed report-generation helper that uploads generated reports to a note service, with transparency and completeness issues but no evidence of hidden or malicious behavior.

Install only if you are comfortable providing Moltbook and Get笔记 credentials and having generated reports uploaded to the note service. Review the script first because it uses a placeholder workspace path, depends on a pre-existing CSV, does not actually implement Moltbook fetching or AI analysis, and includes only a stub for email delivery. Add cron only if you intentionally want recurring automatic runs.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (3)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill documents shell execution through `bash scripts/generate.sh` and cron usage, but there is no explicit permissions declaration to signal that it will invoke local shell capabilities. This is dangerous because users or hosting platforms may grant trust based on declared metadata while the skill still performs command execution, increasing the chance of unexpected local actions.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 96% confidence
Finding: The documented purpose understates important behaviors: external transmission to GetNote, optional email delivery, use of additional API credentials, and discrepancies about how data is actually collected and analyzed. Behavior-description mismatch is dangerous because it defeats informed consent and can lead users to expose credentials or content to third parties they did not expect.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill says output will be saved to Get笔记 and optionally emailed, but it does not clearly warn that collected source material and generated analysis may be transmitted to external services. In a content-aggregation skill, this creates privacy and data-handling risk because users may assume processing is local when it is not.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.