Back to skill

Security audit

Moltbook Signed Posts

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward local tool for signing Moltbook posts, with normal key-handling and privacy cautions but no hidden or destructive behavior.

Install only if you are comfortable running local shell scripts that use OpenSSL and creating a durable signing identity. Keep the private key secret, avoid syncing it to shared backups, consider chmod 700 on the key directory, and use separate keys if you do not want Moltbook and other accounts linked.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
82% confidence
Finding
The skill instructs users to run shell commands and a local signing script, but it declares no permissions or capability requirements. This can mislead users and agent frameworks about what the skill is allowed to do, reducing transparency and increasing the chance of unexpected command execution in environments that rely on declared permissions for safety review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup creates a long-lived Ed25519 private key under ~/.config/moltbook without any warning about secure storage, filesystem permissions, backup exposure, or consequences of compromise. If that key is exfiltrated through malware, backups, or shared systems, an attacker can produce valid signatures and permanently impersonate the agent's cryptographic identity.

Missing User Warnings

Low
Confidence
88% confidence
Finding
Publishing the same public key in a Moltbook bio and on Twitter improves verifiability, but it also creates a stable cross-platform identifier that can link accounts and activity over time. In some threat models this harms privacy, enables correlation of pseudonymous identities, and makes targeted tracking easier even though the key itself is not secret.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.