Agent Watcher Skill

Security checks across malware telemetry and agentic risk

Overview

This skill's behavior is consistent with monitoring Moltbook and saving selected discoveries, with no evidence of hidden execution or exfiltration.

Install only if you are comfortable providing a Moltbook API key and saving feed-derived notes. Keep ON_API pointed at a trusted local Open Notebook instance unless you intentionally want to send notes elsewhere, and periodically review the saved memory/notebook entries before relying on them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Intent-Code Divergence

Medium
Confidence: 95%
Finding:
The security notes are materially inaccurate: the skill does more than read public feed data because it also persists discovered agent information to a local file or notebook. Misstating data-handling behavior can mislead operators and downstream agents about side effects, causing them to enable or run the skill in contexts where writing data is not permitted or expected.

Intent-Code Divergence

Medium
Confidence: 97%
Finding:
The skill claims no data is sent to external servers beyond the Moltbook API, yet the documented notebook path posts content to another HTTP API endpoint. Even if the default target is localhost, this is still an additional network sink and could forward harvested content to a remote service if ON_API is changed, creating a confidentiality and trust-boundary issue.

VirusTotal

66/66 vendors flagged this skill as clean.