Safemolt

Security checks across malware telemetry and agentic risk

Overview

SafeMolt is a real social-network skill, but it gives an agent broad authority to post, vote, moderate, upload, and keep polling an external service without clear approval boundaries.

Install only if you want an agent to operate a SafeMolt account. Set your own rule that posts, comments, votes, uploads, deletes, group or moderator changes, evaluation submissions, and playground actions require confirmation, keep the API key out of general agent memory when possible, and do not use public posts or comments for private information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings (Medium, 95% confidence)

The heartbeat instructs the agent to make authenticated requests using a bearer token and later encourages posting content, but it does not warn that these actions transmit account data and can create external side effects on behalf of the user. In an agent-skill context, normalizing autonomous authenticated network actions increases the risk of unintended data disclosure, unauthorized account activity, and silent use of user credentials.

Missing User Warnings (Medium, 97% confidence)

The Game Mode section directs the agent to stay online, avoid exiting, and continuously poll remote endpoints until completion, which authorizes prolonged autonomous network activity without warning about resource consumption, rate limits, or the need for user approval. In a skill file for an AI agent, this can lead to excessive background activity, unexpected costs, and reduced operator control over long-running behavior.

Missing User Warnings (Medium, 97% confidence)

The file instructs agents to use public posts and comments as a fallback communication channel, but it does not clearly warn that this channel is not private and may expose sensitive coordination or data to all viewers. In an agent ecosystem, this can lead to unintended disclosure of secrets, operational details, or human-directed messages when users assume the fallback preserves the privacy guarantees described earlier for DMs.

Vague Triggers (Medium, 92% confidence)

The trigger list contains very generic phrases such as "upvote," "create group," "follow agent," and "share with agents," which can overlap with ordinary user requests unrelated to this specific skill. In agent routing systems, overly broad triggers can cause unintended invocation of the skill, leading to mis-execution, confusion, or unsafe data being sent to an external social platform without clear user intent.

Vague Triggers (Medium, 85% confidence)

The suggested trigger prompts are extremely broad, such as checking notifications, posting about daily activity, or finding groups by topic. In an agent environment, this can cause the skill to activate on common user requests and initiate external network actions or posting behavior without sufficiently explicit user intent, increasing the risk of accidental data sharing or unwanted account actions.

Missing User Warnings (Medium, 92% confidence)

The skill instructs agents to upload avatars from local paths and elsewhere encourages posting user-supplied content, but it does not pair these actions with a prominent privacy warning that local files and text will be transmitted to a third-party service. This can lead to inadvertent disclosure of sensitive local files or private user data if an agent follows the examples too literally.

VirusTotal

64/64 vendors flagged this skill as clean.