MoltsPay Skill

Security checks across malware telemetry and agentic risk

Overview

This payment skill is purpose-aligned, but it can install a global CLI, create a persistent real-money wallet, and activate on broad everyday prompts without enough user control.

Install only if you intentionally want your agent to use MoltsPay for real USDC payments. Review the moltspay CLI source first, keep the wallet minimally funded, preserve low spending limits, and require the agent to show the exact provider, service, price, and wallet impact before every payment or limit change.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The setup script performs security-sensitive actions beyond simple skill initialization: it globally installs an npm package from the network and creates a persistent blockchain wallet on Base mainnet with spending limits. These actions expand the host's trusted computing base and create durable payment capability, so if the package, dependency chain, or execution context is compromised, the environment could be altered or funds could later be spent without clear user review.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The README advertises automatic wallet initialization and automatic service discovery without clearly warning that the skill may create or use a payment wallet and contact third-party services. In an agent setting, this can mislead operators into enabling functionality that triggers financial actions or external network interactions without informed consent, increasing the risk of unintended spending, privacy leakage, or use of untrusted services.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger text is broad enough to match ordinary requests about generating media or buying services, which can cause the payment skill to activate in contexts where the user did not intend a financial workflow. In a skill that can initialize wallets and spend funds, overbroad activation materially raises the chance of unintended payment-related actions or prompting users toward unnecessary financial setup.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The 'When to Use' criteria overlap with common conversational phrases like 'generate a video' or 'pay/buy/purchase,' which may route benign creative requests into a payment-capable skill. Because this skill operates in a financial context and can guide wallet setup and paid service use, ambiguous activation makes accidental invocation more dangerous than it would be for a non-financial utility skill.

Vague Triggers

High
Confidence
95% confidence
Finding
The manifest includes very broad triggers such as "pay", "buy", "generate", "video", "wallet", and "balance", which can match many ordinary user requests and cause the payment skill to activate unexpectedly. In a skill that can discover external services and initiate paid actions, unintended activation increases the risk of steering users into payment flows, exposing wallet-related context, or interacting with untrusted third-party endpoints without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The script automatically creates a MoltsPay wallet on Base mainnet when no wallet file exists, without requiring explicit user confirmation or a prior warning before performing the state-changing action. In the context of a payment skill, silently provisioning a real payment wallet can lead to unintended enrollment into a financial workflow, unexpected storage of sensitive wallet metadata on disk, and downstream spending once the wallet is funded or later used by other automation.

VirusTotal

66/66 vendors flagged this skill as clean.
