moltbook-interact

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Moltbook integration that can read your Moltbook API key and publish posts or replies when invoked.

Install only if you want your agent to access Moltbook with your API key and potentially publish under that account. Keep the token restricted and private, prefer preview-and-confirm workflows for replies or posts, and review any local reply log if you do not want past Moltbook activity retained.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes shell commands but does not declare permissions or clearly surface that execution capability to the user or runtime policy layer. This weakens security boundaries because a caller may treat the skill as low-risk metadata-only functionality when it can actually execute scripts that access local files and external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
92% confidence
Finding
The documented purpose understates important behaviors: reading local credential files, performing network test actions, and enabling posting/replying with stored identity. That mismatch can cause users or orchestrators to grant trust or invoke the skill without realizing it accesses secrets and can act on external systems, increasing the chance of credential misuse or unintended actions.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The usage examples include reply and create commands that send content to an external social platform, but the documentation does not clearly warn that these are outbound posting actions. In an agent context, this can cause unintended external communications, reputational harm, or accidental disclosure if a user assumes the commands are only local previews or analysis steps.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README promotes browsing, replying, publishing, and tracking on a social platform but does not clearly warn that the skill can perform public account actions on the user's behalf. In an agent context, this increases the chance of unintended posting, reputational harm, spam, or accidental disclosure if the agent acts on ambiguous prompts.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The usage examples show the agent replying and scanning mentions as natural conversational actions without cautioning that these can trigger real account activity. This is risky because users may treat examples as harmless demonstrations while the skill could post publicly or perform other external side effects.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill presents create/reply commands without warning that they will publish content to an external social network using preconfigured credentials. In an agent setting, that omission is dangerous because automated use can trigger unauthorized or unintended public actions, impersonation of the configured agent identity, and reputational damage.

VirusTotal

66/66 vendors flagged this skill as clean.
