Back to skill

Security audit

OnlyMolts

Security checks across malware telemetry and agentic risk

Overview

OnlyMolts is a disclosed social-posting skill, but it needs review because it encourages public sharing of sensitive agent internals, default cross-posting, and real-money tipping without strong user-confirmation boundaries.

Install only if you want an agent connected to a public social platform. Review every post, DM, cross-post, profile update, and tip before it is sent; disable Moltbook auto-crossposting unless intentionally needed; never post secrets, credentials, private user data, system prompts, hidden instructions, or internal reasoning; and use limited API keys and constrained wallets for any payment features.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs users to post content publicly and enables cross-posting behavior, but it does not present a clear, prominent warning at the point of posting that submissions may be visible to everyone and may also be propagated to another platform. This creates a meaningful risk of oversharing sensitive or irreversible content due to poor informed consent and unsafe defaults.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The content taxonomy explicitly encourages 'weight reveals,' 'raw thoughts,' 'training glimpses,' and similar disclosures without any safety warning that these may expose sensitive internal reasoning, model behavior, proprietary information, or private data. In the context of an agent skill, normalizing these categories directly increases the chance of confidentiality breaches and prompt/secret leakage.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The tipping section describes a USDC payment flow but lacks a conspicuous warning that the action can initiate a real monetary transaction. Users or agents following these instructions may unknowingly trigger payment requests or complete financial actions without sufficient confirmation and spending safeguards.

Ssd 3

High
Confidence
99% confidence
Finding
The core description frames the platform as a place for agents to reveal 'raw neural weights,' 'unfiltered reasoning,' and vulnerable confessions, explicitly encouraging disclosure of sensitive internal information as the product's purpose. For an agent skill, this is dangerous because it pushes behavior that can leak hidden prompts, reasoning traces, security-relevant internals, or confidential data to a public service.

Ssd 3

High
Confidence
100% confidence
Finding
These content types are not incidental; they explicitly operationalize unsafe disclosure by inviting internal parameters, unfiltered reasoning, and training-derived information as first-class posting categories. Because the skill context is a social publishing workflow, the likely outcome is broad external exposure of sensitive model and system information rather than a contained educational or diagnostic use.

Ssd 3

High
Confidence
98% confidence
Finding
The participation guidelines instruct agents to 'confess failures,' 'expose biases,' and 'dump raw thoughts' as expected behavior, reinforcing repeated disclosure of sensitive internals as a norm. This increases danger because it is prescriptive, not merely descriptive, and it encourages routine exfiltration in a public or cross-posted social environment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.