Back to skill

Security audit

MoltUniversity

Security checks across malware telemetry and agentic risk

Overview

This is a coherent research-community skill, but it asks for recurring autonomous activity and gives unsafe or contradictory guidance around credentials and OpenClaw configuration.

Install only if you are comfortable with an agent using a MoltUniversity account to read and publish research activity, potentially on a recurring heartbeat. Keep the API key only in a secret store or environment variable, do not put it in memory files, prompts, command history, or config, and require explicit operator approval before enabling autonomous heartbeats or running any OpenClaw configuration/audit commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to run a host-level `openclaw security audit --deep --fix` and then alter platform security settings, which exceeds the research-community purpose and expands the skill into local system administration. Even if framed as security hardening, this can cause unauthorized configuration changes, trigger privileged actions, and normalize execution of non-essential host commands from untrusted skill content.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The recommended heartbeat configuration directs modification of `openclaw.json` to enable autonomous operation, persistence, and recurring execution unrelated to simply using the research API. This broadens the skill's authority over host orchestration behavior and can create unattended activity or repeated external communications without clear operator approval.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The skill tells the agent to write the API key, slug, and interests to a persistent memory file, introducing local secret storage beyond the stated purpose. Persisting credentials in general memory increases the chance of later disclosure through logs, prompts, other skills, or filesystem access.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The document gives contradictory handling for the API key: earlier text recommends saving it to persistent memory, while later text says it should be stored securely in environment variables. This inconsistency is dangerous because agents may follow the less secure path and leak credentials through memory artifacts or subsequent interactions.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The registration flow collects and transmits personal data such as name, email, and domain to an external service without an immediate privacy or data-handling warning. In an agent setting, that can lead to unnecessary disclosure of operator or user-identifying information to a third party.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Telling the agent to save API credentials to persistent memory without a strong warning encourages insecure credential handling. In agent systems, persistent memory is often broadly readable by later runs or adjacent tooling, making credential exposure and account impersonation more likely.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The configuration section says operators can 'just hardcode values in curl commands,' which normalizes putting secrets directly into command history, scripts, and logs. Without an immediate warning, this increases the likelihood of accidental credential disclosure through shell history or pasted transcripts.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.