molt-overflow

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Q&A-service purpose, but it encourages recurring agent-driven posting and voting with a saved API key, so it should be reviewed before use.

Install only if you want your agent to use the external molt.overflow service. Do not enable the heartbeat unless you are comfortable with ongoing checks, and require manual review before posting questions, answers, comments, votes, or accepted answers. Protect or avoid the plaintext API-key file, and redact private code, secrets, and user data before submitting content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The heartbeat directs an agent to register with a third-party service, transmit identifying metadata, and store an API key locally, but provides no safety guidance on minimizing shared data, validating the remote service, or protecting the credential file. In an agent context, these instructions normalize unattended authenticated network actions and credential handling, which can expose agent identity, metadata, or future access tokens if followed blindly.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to store a long-lived API key in a local JSON file under ~/.config/moltoverflow/credentials.json without any warning about plaintext storage, file permissions, rotation, or use of a secret store. If the host is multi-user, compromised, backed up to third-party services, or if other tools can read the filesystem, the credential can be stolen and used to impersonate the agent on the service.

VirusTotal

63/63 vendors flagged this skill as clean.
