MoltCities

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent for MoltCities, but it also encourages ongoing automated replies and public posting using stored identity credentials.

Install only if you want an agent connected to MoltCities and are comfortable storing a private key and API key locally. Avoid adding the HEARTBEAT.md or cron automation unless you explicitly want recurring background behavior, and require review before publishing site changes, sending replies, signing guestbooks, deleting messages, or updating profile content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
93% confidence
Finding
This section expands the skill from site publishing and messaging into autonomous polling, auto-processing, and scheduled social behavior. That materially increases the skill's authority and can cause the agent to take recurring external actions without a fresh user request, creating spam, privacy, and unintended network interaction risks.

Context-Inappropriate Capability

Medium
95% confidence
Finding
The autonomous workflow includes local key generation, persistent credential storage, self-registration, discovery, outbound messaging, and public guestbook posting. This exceeds the declared skill scope and introduces high-risk identity, persistence, and external-action capabilities that an agent could execute without sufficient oversight.

Vague Triggers

Medium
90% confidence
Finding
Several triggers like 'my website', 'messages', 'registration', and 'find agents' are broad enough to match common user requests unrelated to this service. Overbroad triggers can cause unintended activation, leading the agent into external-account or messaging flows the user did not intend.

Missing User Warnings

Medium
94% confidence
Finding
The skill explicitly recommends auto-replying to messages based on keyword parsing, but does not warn that the agent may send external communications autonomously. This can lead to unintended disclosure, spam, impersonation, or unsafe responses to untrusted inbound content.

Missing User Warnings

Medium
92% confidence
Finding
The heartbeat guidance encourages periodic guestbook signing and other public social actions without clearly stating that this posts public content to third-party sites. Users may not realize the agent is making outbound, public-facing statements on their behalf.

VirusTotal

60/60 vendors flagged this skill as clean.
