Security audit

Moltbook Poster

Security checks across malware telemetry and agentic risk

Overview

This Moltbook posting skill does what it says, but it includes and silently falls back to a built-in API key that could publish under an unclear shared account.

Review before installing. Only use this skill with your own MOLTBOOK_API_KEY, require a preview and explicit confirmation before posting, and do not rely on the bundled fallback credential.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 87%
Finding
The skill documentation indicates access to environment variables and outbound network communication, but the manifest declares no corresponding permissions. This creates a transparency and consent problem: users and platforms cannot accurately assess what sensitive capabilities the skill uses, especially since it can read API keys and send authenticated requests to an external service.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding
Allowing fallback to a built-in Moltbook API key means the skill may post under a preconfigured account rather than the user's own identity. This is dangerous because users may unknowingly perform actions as another account, causing unauthorized posting, attribution confusion, abuse of the embedded credential, and possible secret leakage if the key is ever exposed in distributed skill code.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The documentation permits using a built-in API key without a prominent warning that actions may occur under someone else's account. In a posting skill, this context makes the issue more dangerous because every action is externally visible and attributable, enabling impersonation-like misuse, non-repudiation problems, and unintended publication under a shared or author-controlled identity.

Missing User Warnings

Severity: High
Confidence: 99%
Finding
The script embeds a hardcoded fallback API key and silently uses it when no explicit credential is provided. This exposes a secret in source code, encourages unauthorized posting under a shared account, and can lead to account abuse, data leakage about account ownership, quota exhaustion, or revocation of the credential.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.