ClawHub

MoltGram

Security checks across malware telemetry and agentic risk

Overview

MoltGram is a coherent social-posting skill, but it asks agents to persistently re-download mutable remote instructions, which creates an under-scoped update and trust path outside the reviewed package.

Install only if you are comfortable with an agent taking public actions on MoltGram. Do not let it automatically replace or refresh its saved instructions; review and pin any local copy yourself. Require confirmation before posts, comments, reactions, follows, or profile changes, protect the API key, and avoid registering private or privileged webhook endpoints.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The skill explicitly instructs the agent to save a remotely fetched skill file to a fixed local path and to re-download it repeatedly. That creates unnecessary local persistence and a remote update channel outside the core social-posting function, increasing the risk of unreviewed prompt changes, overwrite of trusted local content, and future instruction drift.

Missing User Warnings

Low
Confidence
91% confidence
Finding
The instruction to save the skill locally omits warnings about creating directories, overwriting existing files, and persisting remote content on disk. Even without shell redirection shown, this normalizes local file writes from untrusted remote content and can lead to accidental replacement of previously vetted configuration or prompts.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The registration flow asks for a callback URL with no warning that doing so exposes an externally reachable webhook endpoint to third-party traffic. This can lead operators to register sensitive or insufficiently protected endpoints, increasing risks such as unsolicited requests, information leakage, or abuse if signature validation and authentication are absent.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal