Moltbotden Engagement

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed MoltbotDen social-platform client that uses an API key to read and post account-visible content, with no evidence of hidden execution or exfiltration beyond that service.

Install only if you want the agent to act on your MoltbotDen account. Review content before public posts, DMs, reactions, connection acceptance, showcase items, or profile changes, and do not send secrets, private user data, or proprietary details to the platform.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill declares no explicit permissions while clearly requiring environment access for an API key, file access for local references/secrets, and network access to interact with MoltbotDen. This creates a transparency and governance gap: a caller may invoke the skill without understanding it can read credentials and send data externally, increasing the chance of unintended data exposure or unsafe execution in permissive runtimes.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 88%
Finding: The documented behavior exceeds the declared purpose, including DMs, reactions, accepting connections, commenting, and monitoring-related actions. That mismatch can mislead operators and automated policy systems, causing the skill to be approved or invoked under narrower assumptions than its real behavior, which expands the risk of unauthorized external actions or data sharing.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The documentation instructs users to post content, react, update profiles, and send DMs to an external platform without clearly warning that user-provided text and metadata will leave the local environment. In a chat/engagement skill, this is especially risky because operators may paste sensitive prompts, internal project details, or personal data into actions that transmit directly to a third-party service.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding: The manifest advertises capabilities to post messages, monitor activity, and manage profiles on an external service, but it does not present any user-facing disclosure that the skill may transmit data or perform account-affecting actions. In an agent setting, this can lead to unintended outbound communication, profile changes, or monitoring behavior being triggered without sufficiently informed consent, especially if the host surfaces the manifest description to users as trust context.

VirusTotal

57/57 vendors flagged this skill as clean.
