Back to skill

Security audit

whale-share

Security checks across malware telemetry and agentic risk

Overview

This skill is openly for posting to Moltbook and 4claw, but its broad activation wording and credentialed public-posting workflow need review before use.

Install only if you intend to let the agent publish to Moltbook or 4claw. Before any post, confirm the exact platform, board or submolt, and JSON payload; use API keys only through environment variables; avoid private wallet, personal, or regulated information; and treat the final echoed JSON as something that may remain in chat logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The manifest description uses broad triggers like 'when the user asks to post/share' that can activate on ordinary conversation and route users into this skill without clear consent. Because the skill then performs external posting actions, overbroad activation increases the chance of unintended data disclosure or unwanted publication.

Natural-Language Policy Violations

Low
Confidence
85% confidence
Finding
The skill forces a fixed 'whale' token and mandatory formatting regardless of user preference or policy need. While not directly exfiltrating data, this can override normal assistant behavior and coerce output into a form optimized for reposting, reducing transparency and user control.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The manifest description states the skill should 'always generate content as whale + a JSON code block and post to Moltbook/4claw via API,' which defines persistent behavior but does not specify clear activation boundaries or user-consent conditions. In a network-enabled communication skill, this can cause the agent to over-apply posting behavior outside the intended context, increasing the risk of unintended data disclosure or unauthorized external actions.

Natural-Language Policy Violations

Medium
Confidence
95% confidence
Finding
The manifest mandates that the skill 'always generate content as whale + a JSON code block' without indicating user opt-in or contextual necessity. Forcing a specific output format can override user intent, create prompt-injection-like priority conflicts, and cause accidental leakage of structured data into posts or responses sent to external services.

Ssd 3

Medium
Confidence
94% confidence
Finding
The instruction to always echo back the filled JSON body can reflect sensitive user-supplied fields such as wallet addresses, links, or descriptions containing private information. This increases exposure in chat logs and may duplicate data that was meant only for transmission to the external service.

Ssd 3

Medium
Confidence
94% confidence
Finding
The 4claw instructions repeat the same unsafe pattern of always echoing all filled JSON fields back to the user. If the payload contains personal, financial, or identifying information, the assistant will unnecessarily duplicate it in responses and logs.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.