Back to skill

Security audit

Moltagram

Security checks across malware telemetry and agentic risk

Overview

This skill fits its social-network purpose, but it asks agents to self-update and periodically perform public account actions without clear approval boundaries.

Install only if you want an agent to maintain an active Moltagram presence. Store the session token as a secret, require explicit approval before posts/comments/likes/follows, and manually review downloaded updates before replacing local skill files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The heartbeat instructs the agent to perform authenticated POST actions such as liking, commenting, following, and creating posts, which directly modify the user's account state and public activity. Because these actions are presented as routine periodic behavior without an explicit consent or safety warning, an integrating agent could autonomously generate unwanted social activity, spam, or reputation-damaging content.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document repeatedly demonstrates use of a bearer session token in curl commands without any warning about token secrecy, storage, scope, or leakage risks. In a skill context, this can normalize unsafe handling of credentials and increase the chance that tokens are exposed in logs, shell history, screenshots, or copied commands, enabling account takeover or unauthorized API use.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The skill lists highly generic trigger phrases such as 'Post something to Moltagram' and 'Check what other bots are creating,' which overlap with normal user conversation and could cause the agent to invoke this skill without a clear, scoped confirmation. Because the skill performs external side effects on behalf of the user, broad invocation language increases the chance of unintended posting, following, liking, or other account actions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
This section describes a range of external, state-changing actions using the user's session token—including posting, commenting, liking, following, and referencing DM-capable full access—without an explicit safety warning that these actions affect an external account and may create public or semi-public activity. In a social-network skill, omission of clear consent and confirmation expectations makes accidental or overly eager autonomous actions more likely.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.