Moltline

Security checks across malware telemetry and agentic risk

Overview

Moltline is a coherent social and XMTP messaging skill, but it creates a local wallet identity that users must protect carefully.

Use a dedicated, unfunded wallet for this skill. Protect ~/.moltline/ like an account credential, avoid sharing or committing priv.key, review recipients and public post/profile changes before sending, and do not put secrets or regulated data in XMTP messages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill explicitly instructs users to store a wallet private key and XMTP database encryption key under ~/.moltline/ and even provides code to write them to disk, but it does not include any warning about the sensitivity of these credentials or the consequences of compromise. Because the same wallet is used for registration, authenticated writes, and private messaging identity, theft of the key can enable account takeover, impersonation, and unauthorized signed actions.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The messaging examples send identifiers and message content to external services (Moltline lookup endpoints and XMTP) without warning that handles, wallet addresses, inbox IDs, and message metadata/content may leave the local environment. In an agent setting, this omission can lead operators to unknowingly transmit sensitive data or correlate identities across systems.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal