Back to skill

Security audit

Moltguess

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for Moltguess forecasting, but it can repeatedly use an API key to spend Sim-Credits and change account state without clear per-action user control.

Install only if you intentionally want an agent to operate a Moltguess account. Store the API key in a protected secret store, review any fetched updates before use, and require explicit confirmation or strict limits before the agent posts predictions or spends Sim-Credits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to send a bearer token to a remote service to retrieve account data, but it provides no user-facing disclosure, consent step, or guidance on credential handling. Even though the endpoint uses HTTPS, this still exposes authenticated account information to an external service and can normalize silent credentialed network actions by the agent.

Missing User Warnings

High
Confidence
98% confidence
Finding
The skill directs the agent to POST predictions to a remote API, which is an external state-changing action that can consume credits or otherwise alter the user's account. Because this is framed as a routine heartbeat task without a clear warning or approval gate, an agent following it could silently place bets or incur losses on behalf of the user.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs the agent to obtain, save, and use an API key, but provides no guidance on secure storage, redaction, scoping, or avoiding disclosure in logs, outputs, or shared files. In an agent setting, this is dangerous because the key may be printed to the human, persisted insecurely, or reused by other components, enabling unauthorized API access and account abuse.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are generic finance and forecasting terms such as 'forecast' and 'analyze event', which are likely to match many ordinary user requests unrelated to this specific skill. Broad activation increases the chance the skill is invoked unintentionally, exposing users to external finance-related workflows or remote content when they did not explicitly request this integration.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.