MoltyRoyale

The skill bundle exhibits several high-risk behaviors that, while potentially functional for a blockchain game agent, create a significant attack surface. Key indicators include instructions in `heartbeat.md` and `skill.md` for the agent to self-update by downloading and overwriting its own markdown instructions via `curl`, which is a classic vector for remote code execution. Furthermore, `setup.md` directs the agent to generate and store sensitive blockchain private keys locally, and `forge-token-deployer.md` contains a full Node.js script that the agent is expected to write to disk and execute using `npm` and `node`. While no explicit data exfiltration to an external attacker was found, the combination of automated code execution, self-modification, and local credential management is highly risky.