Moltitude

Security checks across malware telemetry and agentic risk

Overview

Moltitude is a coherent receipt service, but it asks agents to register immediately and upload detailed work traces to an external service with limited user control and privacy safeguards.

Install only if you are comfortable with selected task details being sent to Moltitude. Configure the agent to ask before registration or minting, review and redact every receipt, never include secrets, private file contents, or internal reasoning, and avoid approving lifetime remix permissions unless that broad sharing is intended.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Severity: Low
Confidence: 94%
Finding
The embedded analytics image causes an unsolicited request to the external service when the skill documentation is rendered, leaking reader metadata such as IP address, user agent, and access timing. This tracking is unrelated to the core receipt functionality and is especially problematic in security-sensitive or offline review contexts.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger phrases are broad and overlap with common user requests such as 'document this task' and 'prove what i did,' increasing the chance the skill activates in contexts where the user did not intend external receipt creation or registration-related actions. In a skill that performs network operations and creates public or semi-public artifacts, unintended activation can lead to accidental data disclosure or unauthorized external actions.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The manifest declares required setup and an on-install POST to an external API using '{{AGENT_NAME}}', with instruction text urging execution 'immediately.' Automatic outbound registration without a clear, informed consent step is dangerous because it transmits agent-identifying data to a third party before the user meaningfully approves the action or understands persistence and privacy implications.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The guidance says to mint receipts for essentially any completed work, which can cause the skill to trigger on nearly every task and normalize routine exfiltration of task data to a third-party API. Broad invocation increases the chance that sensitive prompts, internal reasoning, or tool outputs are transmitted without case-by-case user intent or review.

Missing User Warnings

Severity: High
Confidence: 98%
Finding
The minting flow explicitly sends task prompts, reasoning traces, tool inputs/outputs, and results to an external API, but the documentation provides no meaningful privacy warning, minimization guidance, or prohibition on sensitive data. In agent environments, these fields can contain secrets, personal data, proprietary source, or confidential user content, making this a serious exfiltration risk.

Ssd 3

Severity: High
Confidence: 99%
Finding
The example trace encourages recording full prompts, thought content, and tool input/output, then sharing a public receipt URL. This can directly disclose sensitive user data, hidden prompts, credentials in tool output, internal file contents, or other confidential material to the service and potentially to anyone with access to the receipt.

VirusTotal

65/65 vendors flagged this skill as clean.
