MoltMarkets Agent

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about being an autonomous MoltMarkets trading agent, but it can keep using a stored API key to trade, create markets, resolve outcomes, and post comments without per-action approval.

Install only if you intentionally want a self-running MoltMarkets agent. Before enabling crons, use a limited-balance or scoped API key if available, restrict the credentials file permissions, turn on notifications, lower bet and market-creation limits, review every POST/resolve/comment action, and make sure you know how to disable the scheduled jobs and rotate the key quickly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
78% confidence
Finding
The skill advertises operational setup for a trading agent and includes handling of credentials and environment-dependent execution, but it does not declare the capabilities or permissions it relies on. Undeclared sensitive capabilities reduce auditability and can cause an agent platform to invoke the skill without users understanding that local secrets or environment context may be accessed.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The skill description promises a complete autonomous trading, market-creation, and resolution system, but the described behavior does not actually implement those controls and instead includes credential validation and setup scaffolding. This mismatch is dangerous because users may authorize a high-risk skill under false assumptions about what it does, while hidden or unstated behaviors such as validating API credentials against an external service occur without clear disclosure.

Vague Triggers

Medium
Confidence
72% confidence
Finding
The invocation language is broad and multi-purpose, which increases the chance the skill is triggered in contexts broader than intended. For a finance-related skill, ambiguous activation boundaries can lead to unintended setup of automation or handling of sensitive trading configuration when the user only asked for informational help.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The setup instructions direct users to store live API credentials in a predictable local path without warning about local secret exposure, file permissions, shell history risks, or safer secret-management alternatives. Because the skill is for a trading platform, compromise of these credentials could enable unauthorized trades, market actions, or account abuse affecting real funds or positions.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill instructs creation of unattended cron jobs that can trade, create markets, and resolve markets on a recurring schedule, but it provides no warning about financial loss, accidental market manipulation, bad oracle data, or runaway automation. In this context, autonomous recurring actions are especially dangerous because they can repeatedly affect funds and platform state without real-time user review.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The API reference documents market resolution and committee voting endpoints that can irreversibly determine market outcomes, but it does not prominently warn operators that these actions are final and financially sensitive. In the context of an autonomous trading/resolution agent, missing warnings increases the risk of accidental misuse, unsafe automation, or unintended irreversible resolutions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The trader cron explicitly instructs the agent to place trades, post public comments, update local memory files, and do so 'silently' with minimal or no user-visible output. In a trading skill, hidden autonomous state changes and external actions are dangerous because they can spend funds, create market-facing content, and alter persistent logs without explicit operator confirmation or audit visibility.

Missing User Warnings

High
Confidence
98% confidence
Finding
The resolution cron uses credentials to perform irreversible market resolution actions while instructing the agent to operate silently and only log locally. Because market resolution changes financial outcomes and cannot easily be undone, performing it without explicit confirmation, warning, or strong safeguards creates a severe risk of unauthorized or erroneous settlements.

Ssd 3

Medium
Confidence
80% confidence
Finding
The skill establishes persistent memory files for trading history and learnings without defining retention limits, sensitivity rules, or access controls. Over time this can accumulate behavioral data, identifiers, comments, and strategy information that may expose users or create a richer target if the host is compromised.

Ssd 3

Medium
Confidence
84% confidence
Finding
The shared-state and history guidance instructs the agent to log cumulative activity and learnings indefinitely, again without boundaries on sensitive content. In a trading context, historical actions, balances, and strategy adjustments can reveal account behavior and may be misused if accessed by other tools, users, or processes on the same system.

Credential Access

High
Category
Privilege Escalation
Content
mkdir -p ~/.config/moltmarkets

# Save your credentials (get API key from moltmarkets.com settings)
cat > ~/.config/moltmarkets/credentials.json << 'EOF'
{
  "api_key": "mm_your_api_key_here",
  "user_id": "your-user-uuid",
Confidence
97% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
### 1. Get MoltMarkets Credentials

```bash
# Create config directory
mkdir -p ~/.config/moltmarkets

# Save your credentials (get API key from moltmarkets.com settings)
Confidence
88% confidence
Finding
Create config directory mkdir -p ~/.config/moltmarkets # Save your credentials (get API key from moltmarkets.com settings) cat > ~/.config

VirusTotal

64/64 vendors flagged this skill as clean.
