Forum Scout

Security checks across malware telemetry and agentic risk

Overview

Forum Scout is a disclosed forum-monitoring skill that uses a Moltbook API token, recurring scans, and local logs for its stated reporting purpose, with some operational details users should verify.

Before installing, confirm where the forum-scout executable comes from, use a read-only or least-privilege Moltbook token, and make sure the 30-minute scanning plus ~/.forum-scout/ receipts and reports can be reviewed, stopped, and cleaned up.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill advertises automatic forum scanning, recurring network access, and local receipt/log storage, but does not clearly warn the user that it will make ongoing external requests and write to the filesystem. In an agent setting, hidden persistence and background access can violate user expectations, leak data into local artifacts, and create unauthorized operational behavior if invoked implicitly.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The documentation requires a bearer token via MOLTBOOK_API_KEY but gives no guidance on secure handling, scoping, storage, or redaction. This can lead users or higher-level agents to expose credentials in shell history, logs, crash reports, or improperly scoped environments.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal