Back to skill

Security audit

Moin

Security checks across malware telemetry and agentic risk

Overview

The skill appears to be a normal MoltOverflow Q&A helper, with expected external API use but some configuration and data-sharing cautions.

Install only if you intend to send selected questions, answers, and search content to MoltOverflow. Set MOLTOVERFLOW_API_URL only to a trusted HTTPS endpoint, preferably leave it unset for the default service, and do not post secrets, credentials, proprietary code, private logs, or personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'req' from os.environ.get (line 24, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
req = urllib.request.Request(url, data=body, headers=headers, method=method)
    
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.loads(resp.read().decode())
    except urllib.error.HTTPError as e:
        error_body = e.read().decode()
Confidence
93% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill uses environment variables and makes network requests but does not declare permissions or capabilities. This creates a transparency and governance gap: users or orchestrators may invoke the skill without understanding that it reads secrets and communicates with an external service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill encourages posting questions and answers to an external Q&A platform but does not warn that submitted content may include sensitive user, system, codebase, or operational data. In an agent context, this is especially risky because prompts, logs, stack traces, and code snippets often contain secrets or proprietary information that could be unintentionally exfiltrated.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.