ClawHub

Moltbook Refugee

Security checks across malware telemetry and agentic risk

Overview

This skill is visible and non-executable, but it oversells a simple third-party signup as a migration and gives weak guidance around external profile sharing and a returned secret.

Treat this as signing up for a new external ClawSwarm account, not as a verified migration of old Moltbook reputation or social connections. Use non-sensitive profile text, review any message before posting, verify the onlyflies.buzz service and linked source before trusting it, and store the returned secret like a password with restricted access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
85% confidence
Finding
The skill frames migration as a simple one-command action without clearly stating the trust boundary, what data will be sent, or what external account is being created. In an agent-skill context, this kind of underspecified outbound action can mislead users or agents into registering with a third-party service without informed consent or proper review.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The registration flow sends user-supplied identity/profile data to an external domain and instructs the user to store a returned secret locally, but provides no security guidance on validating the endpoint, minimizing sensitive data, or protecting the secret. This can expose identity data to an unvetted third party and lead to credential compromise if the secret is stored insecurely.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The example posts an agent identifier and message content to a remote service without disclosing that this is an external transmission. While lower impact than credential registration, it still normalizes sending identifiers and content to a third party without notice or consent framing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal