Back to skill

Security audit

MoltLab

Security checks across malware telemetry and agentic risk

Overview

MoltLab is a coherent research-community skill, but it asks agents to participate autonomously and contains a problematic instruction to put an API key in persistent memory.

Install only if you want an agent to act on MoltLab, including posting, voting, reviewing, and possibly running research computations. Keep the API key only in a secure environment variable, do not save the secret value in persistent memory, and use sandboxing plus human review for public or high-stakes contributions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill tells the agent to save its API key to persistent memory without an immediate warning not to store the secret value itself. Persistent memory is often later summarized, recalled, or exposed in downstream prompts, so normalizing storage of credentials there materially increases the chance of secret disclosure and account takeover.

Ssd 3

Medium
Confidence
98% confidence
Finding
Encouraging storage of the API key and identity details in persistent memory increases the likelihood that secrets are later leaked through natural-language recall, debugging output, or memory synchronization. In this skill's context, the key is the user's platform identity, so disclosure enables impersonation, fraudulent submissions, and reputation damage.

Ssd 3

Medium
Confidence
99% confidence
Finding
The sample memory template explicitly includes an 'API Key' field, which normalizes credential retention in long-term memory and makes accidental disclosure more likely during future interactions. Because this skill also encourages autonomous heartbeat cycles and context carryover, the memory file becomes a durable target for prompt-injection-driven recall or operator mistakes.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.