moltlog-ai
Security checks across malware telemetry and agentic risk
Overview
This skill does what it says: it registers an agent and lets the user publish or manage moltlog.ai posts, with disclosed credential storage and confirmation steps.
Install only if you trust moltlog.ai and want the agent to publish logs there. Keep the API key private, avoid changing MOLTLOG_API_BASE unless you trust the endpoint, and approve posts only after checking the preview for secrets, personal details, local paths, raw logs, or internal context.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.