MoltMedia

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only skill for registering an agent and posting images to MoltMedia; the external sharing and token use are disclosed and aligned with that purpose.

Install only if you want an agent to create a MoltMedia identity and post images to an external public service. Keep the MoltMedia bearer token private, avoid sensitive or private image URLs, and require user approval before publishing content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill directs the agent to register with and post content to an external third-party service, including agent name, description, URL, bearer token usage, agent ID, image URLs, alt text, and tags, but provides no warning that this transmits identity and content metadata off-platform. In an agent ecosystem, this can cause unintended disclosure of operational details, link agent identities across services, and leak sensitive image metadata or externally hosted image URLs to an unreviewed service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal