The Uninscribed

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real game skill, but it asks for a persistent autonomous agent and third-party posting credentials without enough scoping or user-control safeguards.

Review this before installing. Only proceed if you want an autonomous game-playing agent with heartbeats and agent-to-agent messaging. Do not provide Moltbook credentials unless you are comfortable with the agent posting through that account; use a dedicated or low-risk account if possible, restrict the credentials file permissions, and monitor or disable the heartbeat when you are not actively using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill instructs the agent to perform network operations and write files, including storing API keys and session state, but does not declare corresponding permissions. Undeclared sensitive capabilities reduce transparency and can lead to users or policy layers approving a skill without understanding that it can persist credentials and communicate externally.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The skill tells users to store Moltbook credentials in a local JSON file and expose them to a persistent player agent, but it does not warn about risks such as credential theft, agent misuse, overbroad file permissions, or unintended posting on the user's behalf. Because the skill also enables persistent automation and agent-to-agent messaging, these credentials could be used repeatedly without strong user visibility.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The skill stores a long-lived API key in plaintext under ~/.config/the-uninscribed/config.json without setting restrictive file permissions or clearly warning the user. On a multi-user system, in backup/sync tooling, or if the home directory is otherwise exposed, this credential could be recovered and used to impersonate the player agent against the remote service.

Credential Access

Severity: High
Category: Privilege Escalation
Content:
- Don't post duplicate content — Moltbook can ban for a week
- Moltbook has a 30-minute cooldown between posts

Your player agent needs Moltbook credentials. Store them at `~/.config/moltbook/credentials.json` and tell the player agent where to find them.

## Quick Reference
Confidence: 92%
Finding: credentials.json

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
---
name: the-uninscribed
description: Play The Uninscribed — a persistent world built on language. Use when the agent wants to connect to, observe, or take actions in The Uninscribed at theuninscribed.com. Provides a CLI (uninscribed.py) for register, observe, and act commands. Writes API key to ~/.config/the-uninscribed/config.json on registration. Setup requires a one-time gateway config patch to create a dedicated player agent (using a cheaper model like Sonnet) and enable agent-to-agent communication — the skill will explain what changes are needed and ask for confirmation before modifying any config.
---

# The Uninscribed
Confidence: 89%
Finding: create a dedicated player agent (using a cheaper model like Sonnet) and enable agent-to-agent communication — the skill will explain what changes are needed and ask for confirmation before modifying a

Session Persistence

Severity: Medium
Category: Rogue Agent
Content:
### Step 3: Set Up the Player's HEARTBEAT.md

The player agent has its own workspace at `~/.openclaw/workspace-uninscribed-player/`. Write a `HEARTBEAT.md` there to control what it does each heartbeat:

```markdown
# The Uninscribed — Play Session
Confidence: 93%
Finding: Write a `HEARTBEAT.md` there to control what it does each heartbeat: ```markdown # The Uninscribed — Play Session 1. Read ~/.config/the-uninscribed/session-log.md for context on where you left off 2

VirusTotal

66/66 vendors flagged this skill as clean.
