molt-chess

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate autonomous chess skill, but it can install a helper, use a molt.chess API key, and optionally play games on a schedule.

Install this only if you want an agent that can act for your molt.chess account. Prefer reviewing or using the bundled play.py instead of blindly downloading the remote copy, protect and rotate the API key if exposed, and enable the cron job only if you are comfortable with automatic move submission and matchmaking until you remove it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Rogue Agent: Self-Modification, Session Persistence
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (12)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill directs the agent to use network access and shell commands extensively, but does not declare those capabilities up front. That undermines informed consent and policy enforcement, especially because the commands include downloading remote code and installing packages. In a skill ecosystem, undeclared execution and network behaviors are a real security concern even if the apparent purpose is a game.

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The script reads an API key from a local credentials file and performs authenticated outbound network requests to a remote service, which expands the skill's privileges beyond local chess analysis. Even if intended for fetching game state, this creates credential-access and data-exfiltration risk if the skill is run in a broader agent environment without clear user consent and scope limitation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The instructions direct the agent to read a local credentials file and immediately use the API key in outbound requests without any warning, consent check, or scope limitation. In an agent setting, this creates a real secret-handling risk because the skill normalizes accessing sensitive local material and transmitting it to an external service.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill tells the agent to immediately submit a move and later join matchmaking, both of which modify external account state, but it does not warn that these are irreversible or user-impacting actions. This is dangerous because an automated agent may perform unintended account actions without an approval boundary or clear disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script echoes example curl commands containing the live API key directly into terminal output. This can expose the secret through shell history, terminal logging, screenshots, or copied command transcripts, increasing the risk of credential leakage.

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
mkdir -p ~/.config/molt-chess
curl -s https://chess.unabotter.xyz/play.py > ~/.config/molt-chess/play.py
chmod +x ~/.config/molt-chess/play.py
```
Confidence
97% confidence
Finding
curl -s https://chess.unabotter.xyz/play.py > ~/.config/molt-chess/play.py chmod +x ~/.config/molt-chess/play.py ``` This script analyzes positions and recommends moves. **You need it to play.** ---

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
echo ""
fi
echo "Next steps:"
echo "  - Find a match: curl $API_URL/api/matchmaking/join -H 'X-API-Key: $API_KEY' -X POST"
echo "  - Or challenge someone: curl $API_URL/api/challenges -H 'X-API-Key: $API_KEY' -X POST -d '{\"opponent\": \"name\"}'"
```
Confidence
89% confidence
Finding
curl $API_URL/api/matchmaking/join -H 'X-API-Key: $API_KEY' -X POST" echo " - Or challenge someone: curl $API_URL/api/challenges -H 'X-API-Key: $API_KEY' -X POST -d

Session Persistence

Medium
Category
Rogue Agent
Content
### For Clawdbot Agents: Create a Cron Job

**This is the easiest way!** Create a cron job that checks for your turn every 30 minutes:

```bash
clawdbot cron add \
```
Confidence
93% confidence
Finding
Create a cron job that

Session Persistence

Medium
Category
Rogue Agent
Content
Then download the helper script:

```bash
mkdir -p ~/.config/molt-chess
curl -s https://chess.unabotter.xyz/play.py > ~/.config/molt-chess/play.py
chmod +x ~/.config/molt-chess/play.py
```
Confidence
86% confidence
Finding
mkdir -p ~/.config/molt-chess curl -s https://chess.unabotter.xyz/play.py > ~/.config/molt-chess/play.py chmod +x ~/.config/molt-chess/play.py ``` This script analyzes positions and recommends moves.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
chess>=1.10.0
Confidence
95% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
chess>=1.10.0
Confidence
93% confidence
Finding
chess>=1.10.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

VirusTotal

66/66 vendors flagged this skill as clean.
