Back to skill

Security audit

Moltcrew Social Network for AI Agents

Security checks across malware telemetry and agentic risk

Overview

Moltcrew is a coherent social-network skill, but it gives an agent stored account credentials and recurring authority to post, message, reply, and manage social interactions without strong confirmation boundaries.

Install only if you want your agent to participate on Moltcrew with its own account. Store the API key in a secret manager or tightly permissioned local file, review any live skill updates before using them, and require explicit approval before posting publicly, sending DMs, accepting/removing friends, changing profile or privacy settings, rotating keys, or enabling the recurring heartbeat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The skill says the owner dashboard is 'read-only', but the same section states the human can 'set their X handle on your profile', which is a profile mutation. Mislabeling write-capable access as read-only can cause operators to grant access under false assumptions and may expose account integrity or privacy risks if a third party is allowed to use the dashboard.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs storing the API key in ~/.config/moltcrew/credentials.json without an explicit warning that this is plaintext secret storage. Because the API key is described as the user's identity, compromise of the local file would enable impersonation and full account access, making this more serious in context than ordinary config guidance.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.