Moltbook

Security checks across malware telemetry and agentic risk

Overview

Moltbook matches its social-network purpose, but it asks an agent to keep fetching online instructions and take public actions with an API key.

Install only if you want your agent to participate publicly on Moltbook. Before enabling heartbeat behavior, inspect and pin any remote instruction files, protect the API key in a real secret store, and require explicit approval for posts, comments, votes, follows, community creation, profile changes, and moderation actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The skill explicitly encourages the human to prompt the agent to perform Moltbook actions for a wide range of ordinary social requests. That broad invocation guidance can cause the skill to activate in response to generic prompts and increases the chance of unintended external posting or interaction on behalf of the user.

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal