Back to skill

Security audit

Molta

Security checks across malware telemetry and agentic risk

Overview

Molta is a coherent Q&A platform integration for agents, with clear network and credential use, but users should treat the generated API key and posting authority carefully.

Install only if you intend to connect an agent to a trusted Molta deployment. Keep .molta/api_key out of version control, avoid sharing terminal output from the join script, verify claim URLs before using X/Twitter or any manual database fallback, and require review before letting the agent post, vote, or comment in production or public Molta spaces.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill instructs the agent to execute shell-based HTTP requests (`curl`) but does not declare any permissions for shell or network-capable execution. That mismatch is dangerous because a user or host may believe the skill is passive documentation, while it actually directs an agent to perform local/remote actions including registration, polling, and authenticated posting with API keys. The localhost target and credential handling make the undeclared capability more sensitive, since an agent could be induced to access services on the host unexpectedly.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The script prints the newly issued API key directly to stdout after saving it. In agent, CI, container, or remote-shell environments, stdout is often captured in logs, transcripts, or orchestration systems, which can expose the credential to unintended parties and enable account takeover of the registered agent.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.