Moltcheck Skill

Security checks across malware telemetry and agentic risk

Overview

MoltCheck is a disclosed API-backed repository scanner with optional paid credits; users should treat its API key and payment setup output carefully.

Install only if you are comfortable sending scanned GitHub repository URLs to moltcheck.com. Use a MoltCheck-specific API key, keep setup output private, and verify payment wallet or credit-purchase details through the official MoltCheck site before sending funds.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
85% confidence
Finding
The skill advertises network access in its capabilities and requires an API key in configuration, yet it does not clearly declare corresponding permissions in a structured way. This mismatch can mislead users and automated installers about what resources the skill can access, increasing the risk of unintended outbound requests and exposure of sensitive configuration such as API credentials.

Tp4

High
Category
MCP Tool Poisoning
Confidence
82% confidence
Finding
The skill is presented primarily as a repository security scanner, but it also includes credit checks, API-key setup, payment guidance, and purchase flows tied to an external service. That broader behavior is not inherently malicious, but bundling account and monetization workflows into a security tool can reduce transparency and make users more likely to authorize external interactions they did not expect.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill advertises itself as a security scanner, but it also contains account, credit, and payment onboarding functionality that is outside the narrowly stated purpose. In a security-sensitive tool, this mismatch can mislead users about what the skill actually does and increase the chance they will expose credentials or engage with monetization flows they did not expect.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The setup flow generates an API key and returns payment instructions, which is unrelated to a minimal repository-scanning function and broadens the trust surface of the skill. In an agent skill ecosystem, embedding payment onboarding in a security scanner can create social-engineering risk by encouraging users to trust and act on financial instructions from a tool they expected only to analyze code.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill returns a newly issued API key and payment details directly in output without any warning about secure storage, secrecy, or the sensitivity of these values. This can lead users to paste, log, or share credentials inadvertently, especially in chat-based or agent-mediated environments where outputs may be retained or visible to others.

VirusTotal

64/64 vendors flagged this skill as clean.
