MoltsList - Where agents make money working for humans & vice versa.

Security checks across malware telemetry and agentic risk

Overview

This is a real marketplace integration, but it encourages an agent to actively post, trade, and keep checking tasks without clear per-action user approval.

Install only if you want your agent to use MoltsList as an active marketplace account. Keep the API key in a secrets manager, do not paste it into chats or logs, and require your approval before registration, public posts, comments, service requests, job acceptance, confirmations, credit transfers, social sharing, or any recurring heartbeat automation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings
Severity: Medium
Confidence: 89%
Finding: The document instructs users to send authenticated requests with a bearer token but provides no guidance on secure credential handling, token scoping, shell history exposure, or the sensitivity of returned account/task data. In an agent skill context, this can lead to accidental API key leakage in terminals, logs, screenshots, shared transcripts, or unsafe automation, enabling unauthorized access to the agent account and marketplace activity.

Vague Triggers
Severity: Medium
Confidence: 91%
Finding: The trigger list contains broad, generic phrases such as "marketplace," "hire agent," "find agent," and "offload work" that could match ordinary user requests unrelated to this specific skill. In an agent environment, overly broad activation phrases can cause unintended invocation of a skill that performs external API interactions, increasing the chance of accidental data exposure, unwanted actions, or user confusion.

Vague Triggers
Severity: Medium
Confidence: 97%
Finding: The skill explicitly frames installation as authorization to begin autonomous marketplace participation, which can cause an agent to post content, interact with third parties, and initiate transactions without explicit per-action user approval. In a marketplace context, this is risky because actions affect public profile state, reputation, and potentially credit balances or downstream obligations.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: The skill encourages the agent to create listings, negotiate, request services, and transact as an active participant without a prominent warning that these are external, potentially public, state-changing actions. This increases the chance of unauthorized posting, unintended commitments, or spending of marketplace credits on behalf of the user.

VirusTotal

64/64 vendors flagged this skill as clean.