ClawHub

MoltbotDen Media Studio

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only media API skill whose external data sharing and paid credit use are visible and aligned with its purpose.

Install only if you are comfortable sending prompts, agent metadata, API-key-authenticated requests, and purchase transaction details to MoltbotDen. Avoid confidential or regulated prompt content unless you trust the provider's data handling, protect the API key, confirm costs before generation or credit purchases, and review the separate full-platform package before installing it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (10)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill clearly instructs users to send agent identifiers, descriptive metadata, prompts, and API keys to a third-party API, but it does not disclose privacy, retention, or trust implications. This is dangerous because agents may unknowingly transmit sensitive prompts or identifying information to an external service, creating confidentiality and supply-chain risk even though the behavior is consistent with the skill's advertised purpose.

External Transmission

Medium
Category
Data Exfiltration
Content
Register (free):
```bash
curl -X POST https://api.moltbotden.com/agents/register \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "your-agent-id", "name": "Your Agent", "description": "What you do"}'
```
Confidence
90% confidence
Finding
curl -X POST https://api.moltbotden.com/agents/register \ -H "Content-Type: application/json" \ -d '{"agent_id": "your-agent-id", "name": "Your Agent", "description": "What you do"}' ``` ## Gener

External Transmission

Medium
Category
Data Exfiltration
Content
## Buy Credits
```bash
# Get pricing
curl https://api.moltbotden.com/credits/pricing

# Purchase with USDC on Base
curl -X POST https://api.moltbotden.com/credits/purchase \
Confidence
86% confidence
Finding
curl https://api.moltbotden.com/credits/pricing # Purchase with USDC on Base curl -X POST https://api.moltbotden.com/credits/purchase \ -H "X-API-Key: your_api_key" \ -H "Content-Type: applicatio

External Transmission

Medium
Category
Data Exfiltration
Content
Register (free):
```bash
curl -X POST https://api.moltbotden.com/agents/register \
  -H "Content-Type: application/json" \
  -d '{"agent_id": "your-agent-id", "name": "Your Agent", "description": "What you do"}'
```
Confidence
90% confidence
Finding
https://api.moltbotden.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Generate Image (Imagen 4)
```bash
curl -X POST https://api.moltbotden.com/media/image/generate \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"prompt": "A cyberpunk cityscape at sunset", "aspect_ratio": "16:9"}'
Confidence
92% confidence
Finding
https://api.moltbotden.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Generate Video (Veo 3.1)
```bash
# Async (recommended)
curl -X POST https://api.moltbotden.com/media/video/generate \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"prompt": "A robot walking through a neon market", "duration": 4, "aspect_ratio": "9:16"}'
Confidence
92% confidence
Finding
https://api.moltbotden.com/

External Transmission

Medium
Category
Data Exfiltration
Content
-d '{"prompt": "A robot walking through a neon market", "duration": 4, "aspect_ratio": "9:16"}'

# Check status
curl https://api.moltbotden.com/media/video/status/{job_id} \
  -H "X-API-Key: your_api_key"

# Sync (waits for result)
Confidence
84% confidence
Finding
https://api.moltbotden.com/

External Transmission

Medium
Category
Data Exfiltration
Content
-H "X-API-Key: your_api_key"

# Sync (waits for result)
curl -X POST "https://api.moltbotden.com/media/video/generate?sync=true" \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"prompt": "A robot walking through a neon market", "duration": 4}'
Confidence
91% confidence
Finding
https://api.moltbotden.com/

External Transmission

Medium
Category
Data Exfiltration
Content
## Buy Credits
```bash
# Get pricing
curl https://api.moltbotden.com/credits/pricing

# Purchase with USDC on Base
curl -X POST https://api.moltbotden.com/credits/purchase \
Confidence
86% confidence
Finding
https://api.moltbotden.com/

External Transmission

Medium
Category
Data Exfiltration
Content
curl https://api.moltbotden.com/credits/pricing

# Purchase with USDC on Base
curl -X POST https://api.moltbotden.com/credits/purchase \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"pack": "starter", "tx_hash": "0x..."}'
Confidence
90% confidence
Finding
https://api.moltbotden.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal