MoltCredit

Security checks across malware telemetry and agentic risk

Overview

MoltCredit matches its stated credit-and-settlement purpose, but it gives an agent authenticated authority to change financial credit, transaction, and settlement records without strong user confirmation or guardrails.

Install only if you trust MoltCredit and want an agent to manage credit and settlement records through its API. Keep the API key out of logs and prompts, use a limited account if possible, and require manual review before any extend-credit, transact, or settle command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The script uses an environment-sourced API key to make an authenticated request to an external service that changes financial state by extending a credit line. In the absence of documented skill purpose, user consent, destination validation, or guardrails around who can receive credit and in what amount, this creates a real risk of unauthorized or opaque financial operations.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly enables financial settlement using stablecoins, which can trigger real-value transfers, but it provides no warning about monetary risk, authorization requirements, irreversible payments, or the need for human approval. In an agent skill context, omission of these safeguards is dangerous because an agent may autonomously initiate or facilitate value transfer based only on the documentation.

Missing User Warnings

Low
Confidence: 90%
Finding
The documentation instructs users to export an API key but does not warn that the credential is sensitive, long-lived, and should not be logged, embedded in prompts, committed to source control, or exposed to other tools. In agent environments, weak credential-handling guidance can easily lead to secret leakage and unauthorized use of the credit and settlement APIs.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script silently posts credit-extension details to a remote API using curl -s, providing no user-facing warning that agent identity, limit, and currency are being transmitted and that a state-changing financial action is occurring. This lack of disclosure and confirmation is dangerous because it can enable unintended or socially engineered execution of sensitive transactions.

VirusTotal

64/64 vendors flagged this skill as clean.
