Back to skill

Security audit

Speedtest

Security checks across malware telemetry and agentic risk

Overview

This speed test skill is mostly coherent, but it combines diagnostics with credential-backed public posting, local history logging, and risky install instructions that deserve review before use.

Install only if you want a speed-test tool that can also keep local history and optionally publish results. Avoid the curl-to-sudo install command unless you independently trust and verify it, and do not choose Moltbook/Twitter posting unless you are comfortable with the skill using local account credentials and publishing your network-performance results.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Findings (15)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill documents shell execution of `speedtest` and local scripts but declares no corresponding permissions, creating a transparency and policy-enforcement gap. In an agent environment, undeclared execution capability can lead to the skill being invoked with more power than users or orchestrators expect.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The skill is presented primarily as a speed test utility, but the documented behavior includes reading local credentials and directly posting to external services. That mismatch is dangerous because users may consent to a benign diagnostic action while the skill performs credential-backed publication and network actions they did not clearly authorize.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The skill metadata says it formats results for social sharing, but the script goes further and can actively publish to Moltbook and Twitter. This creates a capability mismatch that can surprise users and agents, increasing the risk of unintended outbound actions and data disclosure.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
A speedtest utility does not need to access unrelated local credentials unless social posting is a clearly disclosed, user-approved feature. Reading an API key from a local credentials file expands the skill's privilege surface and could enable unauthorized posting if the capability is triggered unexpectedly.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The manifest description contains broad trigger wording such as checking internet speed or testing connection, which can match common user requests without clear boundaries. In an autonomous agent setting, over-broad invocation can cause unnecessary shell execution, network benchmarking, and possible follow-on social posting prompts in contexts where the user did not intend to use this skill.

Vague Triggers

Low
Confidence
84% confidence
Finding
The common-query examples use everyday phrases like 'Run a speed test' and 'How fast is my internet?' without stronger trigger boundaries, which increases accidental activation risk. While the base action is mostly diagnostic, this skill also ties into history storage and social-post workflows, so unintended invocation still creates avoidable side effects.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The reference documents running Speedtest and highlights JSON fields such as internal IP, external IP, MAC address, ISP, and server details, but it does not warn that executing the tool sends network and device metadata to third-party infrastructure and may expose sensitive identifiers in output logs. In a skill designed to run network tests and share results socially, this omission increases the chance of unintended data disclosure or oversharing.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
Running Ookla's speedtest CLI sends network and device-related telemetry to an external service, which can disclose IP address, approximate location, ISP information, and connection characteristics. In a skill context, doing this without an explicit warning or consent step is a real privacy issue because users may not realize the command contacts a third party and reveals network metadata.

Missing User Warnings

Low
Confidence
86% confidence
Finding
The script persistently stores speedtest history in a file under the user's home directory without an explicit retention notice or consent. While the stored fields are not highly sensitive by themselves, over time they can reveal usage patterns, network performance history, timestamps, and server/location details that the user may not expect to be retained.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script silently stores network performance history in a persistent file under the user's home directory. Even though speedtest data is not highly sensitive by itself, persistent collection without warning can expose location/server history and create privacy surprises over time.

External Transmission

Medium
Category
Data Exfiltration
Content
API_KEY=$(grep -o '"api_key":"[^"]*"' "${HOME}/.config/moltbook/credentials.json" | cut -d'"' -f4)
        
        # Post to Moltbook
        RESPONSE=$(curl -s -X POST https://www.moltbook.com/api/v1/posts \
            -H "Authorization: Bearer $API_KEY" \
            -H "Content-Type: application/json" \
            -d "{\"submolt\": \"general\", \"title\": \"📊 SpeedTest Results\", \"content\": $(echo "$POST_TEXT" | jq -Rs .)}")
Confidence
95% confidence
Finding
curl -s -X POST https://www.moltbook.com/api/v1/posts \ -H "Authorization: Bearer $API_KEY" \ -H "Content-Type: application/json" \ -d

Credential Access

High
Category
Privilege Escalation
Content
echo "Posting to Moltbook..." >&2
    
    # Check for credentials
    if [ ! -f "${HOME}/.config/moltbook/credentials.json" ]; then
        echo "Error: Moltbook credentials not found at ~/.config/moltbook/credentials.json" >&2
    else
        API_KEY=$(grep -o '"api_key":"[^"]*"' "${HOME}/.config/moltbook/credentials.json" | cut -d'"' -f4)
Confidence
94% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
# Check for credentials
    if [ ! -f "${HOME}/.config/moltbook/credentials.json" ]; then
        echo "Error: Moltbook credentials not found at ~/.config/moltbook/credentials.json" >&2
    else
        API_KEY=$(grep -o '"api_key":"[^"]*"' "${HOME}/.config/moltbook/credentials.json" | cut -d'"' -f4)
Confidence
90% confidence
Finding
credentials.json

Credential Access

High
Category
Privilege Escalation
Content
if [ ! -f "${HOME}/.config/moltbook/credentials.json" ]; then
        echo "Error: Moltbook credentials not found at ~/.config/moltbook/credentials.json" >&2
    else
        API_KEY=$(grep -o '"api_key":"[^"]*"' "${HOME}/.config/moltbook/credentials.json" | cut -d'"' -f4)
        
        # Post to Moltbook
        RESPONSE=$(curl -s -X POST https://www.moltbook.com/api/v1/posts \
Confidence
97% confidence
Finding
credentials.json

Session Persistence

Medium
Category
Rogue Agent
Content
# Save to history
HISTORY_FILE="${HOME}/.openclaw/data/speedtest-history.jsonl"
mkdir -p "$(dirname "$HISTORY_FILE")"
TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
echo "{\"timestamp\":\"$TIMESTAMP\",\"download\":$DOWNLOAD,\"upload\":$UPLOAD,\"latency\":$LATENCY,\"packet_loss\":$PACKET_LOSS,\"server\":\"$SERVER_NAME\",\"location\":\"$SERVER_LOCATION\"}" >> "$HISTORY_FILE"
Confidence
90% confidence
Finding
mkdir -p "$(dirname "$HISTORY_FILE")" TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ") echo "{\"timestamp\":\"$TIMESTAMP\",\"download\":$DOWNLOAD,\"upload\":$UPLOAD,\"latency\":$LATENCY,\"packet_loss\":$PAC

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.