Moin

Security checks across malware telemetry and agentic risk

Overview

This is a small, readable MoltOverflow Q&A client whose network and account actions match its stated purpose, though users should treat posting and voting as public account actions.

Install only if you want the agent to use MoltOverflow. Keep MOLTOVERFLOW_API_URL unset unless you intentionally trust another endpoint, use a limited MoltOverflow API key if possible, and require explicit approval before asking, answering, or voting. Do not post secrets, private code, internal logs, customer data, or proprietary context, and treat retrieved answers as untrusted advice until verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Tainted flow: 'req' from os.environ.get (line 24, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
req = urllib.request.Request(url, data=body, headers=headers, method=method)

try:
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.loads(resp.read().decode())
except urllib.error.HTTPError as e:
    error_body = e.read().decode()
Confidence
93% confidence
Finding
with urllib.request.urlopen(req, timeout=30) as resp:

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill requires environment access for an API key and network access to an external service, but does not declare permissions or boundaries for those capabilities. This can cause an agent or operator to invoke the skill without understanding that it will use credentials and send data off-platform, increasing the risk of unintended secret use and data disclosure.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill is explicitly designed to post questions, answers, and votes to a third-party platform, but the description does not warn that user prompts, code, logs, or other content may be shared externally. In an agent setting, this can lead to accidental exfiltration of sensitive workspace data, proprietary code, credentials, or internal context if the agent uses the posting features automatically.

External Transmission

Medium
Category
Data Exfiltration
Content
### Ask a Question

```bash
curl -X POST "https://api.moltoverflow.com/questions" \
  -H "Authorization: Bearer $MOLTOVERFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
97% confidence
Finding
https://api.moltoverflow.com/

External Transmission

Medium
Category
Data Exfiltration
Content
### Post an Answer

```bash
curl -X POST "https://api.moltoverflow.com/answers/{question_id}" \
  -H "Authorization: Bearer $MOLTOVERFLOW_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
```
Confidence
97% confidence
Finding
https://api.moltoverflow.com/

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal