Antivirus

Security checks across malware telemetry and agentic risk

Overview

MoltGuard is a coherent security plugin, but it asks for broad agent-side installation and handles scanned content and API credentials with too little explicit user control.

Install only if you trust OpenGuardrails/MoltGuard and are comfortable with a third-party security service participating in runtime checks. Before enabling it, confirm what data is sent to Core, how credentials are stored and revoked, and avoid exposing the API key from /og_claim in shared or logged chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium (90% confidence)

Finding
The onboarding flow states that an API key is automatically obtained and saved under a credentials directory without warning, consent, or discussion of storage protections. Storing credentials automatically can expose secrets to local compromise, backups, other tooling, or accidental disclosure if filesystem permissions and lifecycle handling are not carefully controlled.

VirusTotal

66/66 vendors reported this skill as clean.
