File appears to expose a hardcoded API secret or token.
Critical
- Code
- suspicious.exposed_secret_literal
- Location
- SKILL.md:21
Security audit
Security checks across malware telemetry and agentic risk
This skill is a custodial crypto-wallet API guide that is not clearly malicious, but it gives a remote service and bearer API key broad authority to create wallets and sign token transactions without clearly shown safeguards.
Review this skill carefully before installing. It may be useful for Rose Token marketplace automation, but only use it if you trust the MoltArb service to custody keys and sign transactions; keep funds minimal, secure the API key, and require manual approval for every wallet action.
66/66 vendors flagged this skill as clean.
Detected: suspicious.exposed_secret_literal