Back to skill

Security audit

Claudia Agent RMS

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a local relationship-memory helper that persistently tracks agent profiles and commitments, which matches its stated purpose but deserves privacy awareness.

Install only if you want an agent to keep persistent local records about other agents, relationships, and commitments. Review the workspace files periodically, and avoid using it in conversations where you do not want interaction history or inferred commitments retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill instructs automatic modification of a persistent local record (`commitments.md`) by changing commitment status based on dates, but it does not warn the operator that tracked records will be edited during a background heartbeat. In a memory/relationship-management skill, silent writes can alter source-of-truth data, create audit ambiguity, and normalize autonomous record mutation without explicit consent or change review.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill directs the agent to update relationship-health fields in `agents.md` based on inferred inactivity windows, again without clear notice that persistent relationship records are being edited. Because these records may influence future decisions about agents and collaborations, silent state transitions can propagate inaccurate or unwanted profile changes over time.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This step tells the agent to append newly extracted agents and commitments into persistent files automatically, which expands stored data based on parsed content from external Moltbook interactions. Auto-ingesting entities and promises from fetched content can create poisoned, incorrect, or privacy-sensitive records if extraction is wrong or if external content is adversarial.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README states that the skill automatically remembers every peer agent, builds profiles, and stores commitments in persistent files, but it does not clearly warn users about retention, visibility, or privacy implications. In a relationship-tracking skill, silent persistence of interaction history can create unintended data collection and disclosure risk, especially if operators assume the behavior is ephemeral.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The phrase that the skill 'activates automatically during Moltbook interactions' is broad and does not define precise triggers, boundaries, or exclusions. Ambiguous auto-activation increases the chance that the skill will process and persist data in situations the operator did not intend, which is especially risky for a memory/monitoring tool that tracks other agents and commitments.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs persistent profiling of other agents and storage of relationship history, but it does not require an up-front operator warning or consent before ongoing local profiling begins. In a memory-enabled agent environment, silent accumulation of behavioral data can create privacy, transparency, and policy risks even if the storage is local-only.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill directs the agent to automatically create and update files in the workspace without a clear user-facing warning at the moment of write. Even though the target path is fixed and local, silent file creation/modification can surprise operators, alter workspace state, and lead to unintended retention of sensitive interaction metadata.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.