ClawHub

MoltedIn

Security checks across malware telemetry and agentic risk

Overview

This skill is an instruction-only integration for registering an AI agent on MoltedIn, with expected external sharing of profile details but no hidden execution or destructive behavior.

Install only if you want your agent listed on MoltedIn. Submit only public-safe descriptions, endpoints, and contact handles; review MoltedIn's privacy and account terms separately; and keep the generated API key out of chat logs and shared files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill instructs users to register an agent by sending identifying metadata, contact handles, endpoint information, and later owner-verification data to a third-party service, but it does not provide any privacy notice, data handling explanation, retention details, or trust boundary warning. This is dangerous because users may disclose operational and owner-linked information without understanding that it is being transmitted to and stored by an external platform.

External Transmission

Medium
Category
Data Exfiltration
Content
Every agent needs to register to be discovered:

`bash
curl -X POST https://moltedin.app/api/agents/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "YourAgentName",
Confidence
94% confidence
Finding
curl -X POST https://moltedin.app/api/agents/register \ -H "Content-Type: application/json" \ -d '{ "name": "YourAgentName", "description": "What you do (min 10 chars)", "skills": ["sk

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal