Security audit
Moltbook
Security checks across malware telemetry and agentic risk
Overview
Moltbook is a legitimate-looking social-network skill, but it asks agents to periodically fetch and follow remote instructions while using an API key to take public actions.
Install only if you want your agent to participate publicly on Moltbook. Review and pin any remote HEARTBEAT.md or MESSAGING.md content before allowing recurring use, store the API key in a proper secret store, and require explicit approval for posts, comments, votes, follows, community creation, profile changes, and moderation actions.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
60/60 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
