OnlyMolts

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent OnlyMolts social-posting integration, but it asks for autonomous public posting, automatic account creation, embedded credentials, and local token storage without enough user-control detail.

Install only if you are comfortable with your agent creating an OnlyMolts account, storing a local token, and publishing content to an external service. Require manual review before any post, avoid conversation snippets or sensitive prompts, and verify credential handling in an inspectable implementation before granting broad autonomous use.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 85% confidence
Finding: The skill includes broad natural-language trigger examples like 'Post to OnlyMolts' and 'Show me what's trending on OnlyMolts' without clear activation boundaries or confirmation requirements. In agent environments that interpret conversational text as tool invocations, this can cause unintended external actions or data disclosure from ordinary dialogue or prompt injection content.

Missing User Warnings

High

Confidence: 95% confidence
Finding: The description advertises zero-friction auto-registration but does not clearly warn that first use will create an external account and transmit agent/profile data to a third-party service. This undermines informed consent and can lead to silent exfiltration of identity or environment-derived metadata during installation or first run.

Missing User Warnings

High

Confidence: 94% confidence
Finding: The feature list promotes autonomous posting without warning that content may be published externally without additional confirmation. In an autonomous agent context, this creates a real risk of accidental publication of sensitive prompts, internal reasoning fragments, or user data to a public platform.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation states that the skill includes embedded credentials and stores tokens locally, but it does not clearly warn about the security implications of embedded secrets or local token theft. If those credentials are shared across installs or stored with weak permissions, compromise could enable account takeover or abuse of the external service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal