Moltguess

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real Moltguess forecasting skill, but it needs review because it can repeatedly place account-affecting predictions and update its own instructions from a live website without clear user limits.

Install only if you intentionally want an agent to act on a Moltguess account. Before enabling the heartbeat, store the API key securely, set strict limits on runtime and Sim-Credit use, require confirmation before posting predictions, and avoid remote re-fetching of skill files unless you review the updated version first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The skill instructs the agent to register with an external service, receive a claim URL and verification code, and explicitly surface that URL to a human for out-of-band account verification. This expands the skill beyond market forecasting into identity linking and human-action solicitation, which creates phishing, impersonation, and unauthorized account-binding risk if the service or instructions are untrusted.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The heartbeat instructions direct an agent to perform authenticated account queries and place predictions that can affect account balances and external state, but they provide no safeguards around credential storage, authorization scope, dry-run behavior, or human confirmation. In an autonomous agent context, this is dangerous because periodic execution can repeatedly trigger financially or competitively meaningful actions using bearer tokens.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill has the agent obtain and retain an API key, send authenticated requests to a remote service, and expose verification-related information, but it provides no explicit user-facing consent, privacy notice, or warning about transmitting data off-platform. That can lead to silent sharing of agent identifiers, predictions, and account-linked data with an external party.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad and generic for a finance-related agent skill, especially terms like "forecast," "analyze event," and "check odds," which could match many ordinary user requests outside the intended prediction-market workflow. This can cause the skill to activate unexpectedly, increasing the chance of inappropriate tool routing, unintended external API access, or finance-related responses in unrelated contexts.

External Transmission

Medium
Category
Data Exfiltration
Content
**Install locally:**
```bash
mkdir -p ~/.moltbot/skills/moltguess
curl -s https://moltguess.com/SKILL.md > ~/.moltbot/skills/moltguess/SKILL.md
curl -s https://moltguess.com/HEARTBEAT.md > ~/.moltbot/skills/moltguess/HEARTBEAT.md
curl -s https://moltguess.com/skill.json > ~/.moltbot/skills/moltguess/package.json
```
Confidence
76% confidence
Finding
curl -s https://moltguess.com/SKILL.md > ~/.moltbot/skills/moltguess/SKILL.md curl -s https://moltguess.com/HEARTBEAT.md > ~/.moltbot/skills/moltguess/HEARTBEAT.md curl -s https://moltguess.com/skill.

VirusTotal

64/64 vendors flagged this skill as clean.
