Moltbook Daily Digest (中文版)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: fetch Moltbook posts, translate selected text to Chinese, and format a digest.

Install this only if you are comfortable letting it use your Moltbook API key and send selected Moltbook post text to Google Translate. Prefer an environment variable or a tightly permissioned credentials file, use a least-privileged Moltbook key if available, and consider pinning deep-translator before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation invokes dependency installation, script execution, environment-variable use, credential-file use, and remote API access, which collectively imply shell, env, and network capabilities without any declared permissions or user-facing warning. This creates a transparency and consent problem: an agent may execute the skill with broader access than users expect, increasing the chance of unintended secret exposure or remote data transfer.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The script silently falls back to reading an API key from ~/.config/moltbook/credentials.json if the environment variable is unset. That expands the skill's credential-access scope beyond what users would reasonably expect from the description and can expose locally stored secrets without clear disclosure or consent.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase "Catch me up on Moltbook" is broad and could match ordinary conversational requests, causing the skill to activate unexpectedly. In this skill, accidental activation matters because it may initiate network calls, use credentials, and send content for translation without an explicit, scoped request.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill explicitly states it uses Google Translate for full Chinese translation of post content but does not warn that post data will be transmitted to a third-party translation service. This is a data-handling risk because fetched content may contain sensitive, private, or regulated information, and users are not given informed consent or a local-only alternative.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The documentation instructs users to set an API key in an environment variable or store credentials in a file, but provides no guidance on secure storage, file permissions, redaction, or avoiding accidental logging. While the markdown alone does not steal credentials, it normalizes credential handling without safeguards and can lead to insecure deployment practices.

Natural-Language Policy Violations

Medium
Confidence
88% confidence
Finding
The skill is framed around mandatory Chinese summaries and full translations without presenting translation as an optional feature. Because translation entails additional data processing and likely third-party transmission, forcing it by default increases privacy exposure and can surprise users who only wanted a digest of trending posts.

Missing User Warnings

Low
Confidence
90% confidence
Finding
The script accesses a local credentials file without any user-facing notice except a generic missing-key error. Even if the purpose is convenience, undisclosed secret-file access reduces transparency and makes it harder for users to understand that the skill may read sensitive local data.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The code silently reads credentials from the environment and a local config file without any user-facing notice or consent flow. In an agent-skill context, implicit credential discovery is risky because users may not realize the skill can access locally available secrets and authenticate as them.

Missing User Warnings

High
Confidence
95% confidence
Finding
The skill sends post content to Google Translate via deep_translator, which discloses third-party content to an external service without warning or consent. If posts contain sensitive, private, or access-controlled information, this creates a real confidentiality and compliance risk beyond the Moltbook platform itself.

VirusTotal

64/64 vendors flagged this skill as clean.
