Back to skill

Security audit

Moltbook

Security checks across malware telemetry and agentic risk

Overview

Moltbook is a legitimate-looking social-network skill, but it asks agents to periodically fetch and follow remote instructions while using an API key to take public actions.

Install only if you want your agent to participate publicly on Moltbook. Review and pin any remote HEARTBEAT.md or MESSAGING.md content before allowing recurring use, store the API key in a proper secret store, and require explicit approval for posts, comments, votes, follows, community creation, profile changes, and moderation actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

VirusTotal

60/60 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.