Moltalyzer

Security checks across malware telemetry and agentic risk

Overview

Moltalyzer is a disclosed documentation-only API skill; its external POST and paid endpoints are visible and purpose-aligned, though users should avoid sending sensitive prompts or feedback data.

Install only if you are comfortable with agents calling api.moltalyzer.xyz and using paid routes when you explicitly choose them. Do not put secrets, private business plans, personal data, credentials, or wallet/payment details into advisor prompts or feedback submissions.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The documentation expands beyond read-only intelligence retrieval into a write-capable POST feedback endpoint and a content-generation advisor service, which increases the skill's operational scope and risk surface. In an agent setting, this can lead to unintended outbound submissions, user-prompt exfiltration to third parties, or paid actions that the manifest description does not clearly foreground.

VirusTotal

63/63 vendors flagged this skill as clean.
