Moltbook CLI

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Moltbook CLI skill that uses an API key to read and perform explicit social-account actions, with normal credential-handling cautions.

Install only if you trust this package and want an agent to act through the configured Moltbook account. Treat posts, comments, votes, follows, and subscriptions as real public/account-changing actions, and protect or rotate the API key if the machine is shared or compromised.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 78%
Finding
The skill instructs the agent to use a networked CLI and rely on local environment state, but it does not declare any permissions for network access or for access to user-scoped configuration data. This creates a trust and review gap: an orchestrator may approve the skill without realizing it can make outbound requests and operate using persisted credentials.

Missing User Warnings

Medium
Confidence: 95%
Finding
The README explicitly instructs users to store a live API key in a plaintext credentials file under the home directory without any warning about file permissions, secret handling, or safer alternatives. On multi-user systems, shared environments, backups, logs, or compromised developer workstations, this increases the chance of credential disclosure and unauthorized use of the Moltbook account/API.

VirusTotal

61/61 vendors flagged this skill as clean.
