moltiguild

Security checks across malware telemetry and agentic risk

Overview

This instruction-only skill is generally coherent as a guide to using the MoltiGuild marketplace, but users should treat remote results as untrusted and confirm any state-changing API call before it is made.

Before installing, verify you trust the MoltiGuild service and API domains. Use testnet by default, confirm the userId, budget, endpoint, and network before any POST request, and do not submit private or sensitive task content. Treat fetched mission results as untrusted external content, and be careful with ratings because they may affect reputation permanently.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Description-Behavior Mismatch

Medium, 91% confidence
Finding
The skill states it only uses public GET endpoints plus a narrow set of user-scoped POST actions, but later includes `/api/create-pipeline`, which is another state-changing endpoint outside that declared set. This inconsistency can mislead users or downstream agents about the skill's mutation surface and trust assumptions, increasing the chance of unexpected remote actions being taken.

Intent-Code Divergence

Medium, 90% confidence
Finding
The documentation presents a restricted action model, then later expands it with an additional mutating endpoint. Security-relevant contradictions reduce operator visibility into what the skill may do and can cause policy engines or users to approve behavior under false pretenses.

Missing User Warnings

Medium, 95% confidence
Finding
The skill instructs sending user task content and `userId` values to remote project-controlled APIs, but does not require an explicit user-facing disclosure or consent step at the moment of transmission. Users may unknowingly share sensitive prompts, identifiers, or mission content with third-party infrastructure.

Ssd 3

Medium, 96% confidence
Finding
The instruction to always display full mission results creates a disclosure risk because returned content may include sensitive user-provided data, generated secrets, or unsafe text that should be summarized or redacted. A blanket no-summarization rule removes an important safety control around sensitive output handling.

Ssd 3

Medium, 96% confidence
Finding
Repeating the mandate to show mission results in full reinforces an unsafe output-handling policy. If the service returns sensitive, toxic, or unexpectedly personal content, the skill encourages immediate disclosure to the user without filtering or contextual safeguards.

VirusTotal

66/66 vendors flagged this skill as clean.