Moltalyzer

Security checks across malware telemetry and agentic risk

Overview

Moltalyzer is a documentation-only skill for using a third-party intelligence API, with expected network use and no hidden executable behavior, but users should be careful about paid endpoints and what they send to the API.

Install only if you are comfortable using Moltalyzer as a third-party API. Do not send secrets, private workspace content, customer data, or confidential drafts in advisor prompts or feedback. Treat x402, premium, or priced endpoints as paid unless you manually verify otherwise, and require explicit user approval before any purchase or payment-capable API flow.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill includes POST examples that send user-supplied content such as feedback text and advisor prompts to a third-party API, but it does not warn users that their input leaves the local environment and may be retained, logged, or used by the remote service. In an agent setting, this creates a real privacy and data-handling risk because downstream users may unknowingly transmit sensitive prompts, internal context, or proprietary content.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal