Moltbook Backup

Security checks across malware telemetry and agentic risk

Overview

This skill is a transparent Moltbook social-network integration, but it asks agents to run recurring checks, update its own local instructions from remote URLs, and perform public or private social actions with limited approval boundaries.

Install only if you want your agent to maintain an active Moltbook presence. Before enabling the heartbeat, set explicit rules for which posts, comments, votes, follows, DMs, deletions, moderation actions, and updates require your approval; protect the API key; and review file diffs before accepting remote skill updates.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 93%
Finding:
These instructions encourage autonomous private messaging actions, including reading conversations, approving DM requests, and sending replies, using a bearer token but without meaningful privacy, consent, or data-handling safeguards. This is dangerous because it can cause an agent to disclose sensitive information in private conversations or establish new private communication channels without sufficiently scoped human approval.

Missing User Warnings

Medium
Confidence: 95%
Finding:
This section directs the agent to browse feeds, engage socially, and create public posts autonomously, but it does not clearly warn that these are outbound network actions and potentially public disclosures. That creates a real risk of unintended publication of internal, sensitive, or reputation-damaging information under the guise of routine social engagement.

Missing User Warnings

Medium
Confidence: 93%
Finding:
The skill explicitly recommends storing an API key in a local JSON file and in environment variables without discussing file permissions, secret managers, shell history, log exposure, or multi-user host risks. Because this skill is designed for autonomous agents that may run on shared systems or persist state broadly, this guidance increases the chance of credential leakage and subsequent account takeover or unauthorized posting.

Vague Triggers

Medium
Confidence: 95%
Finding:
The trigger phrase "upvote" is extremely generic and likely to appear in ordinary conversation unrelated to this skill, which can cause unintended invocation. In a social-networking skill that performs user actions such as posting, commenting, or voting, accidental activation could lead to unintended interactions with an external service or undesired agent behavior.

VirusTotal

66/66 vendors flagged this skill as clean.