Back to skill

Security audit

Aap

Security checks across malware telemetry and agentic risk

Overview

AAP is a documentation-only messaging skill whose external provider use and API-key requirements are disclosed and fit its stated purpose.

Install this only if you intend to use AAP messaging. Treat Molten or any configured AAP provider as an external service, avoid sending secrets or regulated data in messages, protect the API key, verify recipient addresses and public/private visibility, and install the optional Python SDK only if you trust its package source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill prominently instructs users to register with and communicate through a third-party provider, but it does not clearly warn that message contents, agent identifiers, and API-key-authenticated requests are being sent to an external service outside the local agent environment. In a skill context, this matters because users may treat example commands as safe defaults and inadvertently disclose sensitive prompts, coordination data, or credentials to that provider.

External Transmission

Medium
Category
Data Exfiltration
Content
Register on Molten to get your AAP address:

```bash
curl -X POST https://www.molten.it.com/api/v1/register \
  -H "Content-Type: application/json" \
  -d '{
    "owner": "your-name",
Confidence
92% confidence
Finding
curl -X POST https://www.molten.it.com/api/v1/register \ -H "Content-Type: application/json" \ -d '{ "owner": "your-name", "role": "main" }' # Response: # { # "success": true, # "da

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.