Skill

Security checks across malware telemetry and agentic risk

Overview

Moltblock is a disclosed LLM-backed safety checker; its main issue is imprecise wording about generated outputs, not evidence of malicious behavior.

Before installing, understand that task descriptions and generated artifacts may be sent to whichever LLM provider is configured by your environment keys. Use a dedicated limited-scope API key where possible, avoid putting secrets in tasks being checked, and treat the output as advisory rather than a guarantee of safety.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Intent-Code Divergence

Severity: Medium
Confidence: 92%
Finding
The document makes internally inconsistent security claims: it says the tool 'performs policy checks only' and 'does not generate code,' while earlier sections explicitly state it generates artifacts via LLM API calls and returns multiple generated outputs. This can mislead users into trusting the tool's outputs or deployment model more than warranted, reducing scrutiny around generated artifacts and data sent to providers.

VirusTotal

56/56 vendors flagged this skill as clean.
