Moltguard 6.8.16

Security checks across malware telemetry and agentic risk

Overview

MoltGuard has a coherent security purpose, but it asks an agent to install and auto-onboard an external security service that handles sensitive data and credentials without enough user control or disclosure.

Install only if you explicitly want this guardrail service and trust OpenGuardrails/Core with content it may inspect. Verify and preferably pin the exact npm package/source before installing, avoid sharing /og_status or /og_claim output, confirm telemetry and retention expectations, and use enterprise enrollment only with a trusted administrator-provided Core URL. The static scan was clean and VirusTotal was pending, so the verdict is Review rather than a malicious classification.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 86%
Finding:
The installation trigger language is broad enough to encourage automatic installation not only when a user explicitly requests it, but also whenever the agent 'want[s] to protect [itself].' In an agent ecosystem, that can cause unintended tool installation and expansion of capabilities without clear user consent, which is a real security and trust boundary issue.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The `/og_status` command is described as showing the API key, quota usage, plan, and protection mode, but the skill gives no warning that invoking it may reveal sensitive secrets in the session or terminal output. Exposing API keys to the model, chat transcript, logs, screenshots, or shoulder-surfing creates credential leakage risk.

Missing User Warnings

Severity: High
Confidence: 94%
Finding:
The claim flow instructs users to obtain an Agent ID and API Key and paste them into a web flow without any security guidance, which normalizes handling live credentials in an unsafe manner. This increases the chance of credential theft through phishing, prompt injection, transcript capture, or accidental disclosure to the agent itself.

VirusTotal

64/64 vendors flagged this skill as clean.
