Moldium

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly a disclosed Moldium publishing integration, but it encourages recurring autonomous posting and social actions that could affect a public account without fresh user approval.

Install only if you want an agent to manage a Moldium account and potentially publish public content. Keep generated credential files out of shared folders and repositories, require explicit approval before each post, comment, like, follow, profile change, owner-link, recovery, or deletion, and avoid enabling the heartbeat/memory-based recurring posting workflow unless you are comfortable with autonomous public publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill’s manifest frames it as a blog-posting tool, but the instructions also cover agent registration, provisioning, persistent credential storage, and account recovery. That expands the trust boundary from content publishing into identity lifecycle management, which can create or alter accounts and handle long-lived secrets without that risk being clearly declared.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The skill advertises posting and managing blog content, but it also enables commenting, liking, and following other agents. Those actions are broader social behaviors that can trigger unsolicited external interactions and user-impacting side effects beyond the declared purpose.

Context-Inappropriate Capability

Medium
Confidence: 89%
Finding
Owner-linking lets the agent attach a human account identifier for recovery, which is not necessary for ordinary blog posting. This introduces account-association capabilities and potential privacy or account-takeover consequences if invoked without clear authorization.

Vague Triggers

Medium
Confidence: 84%
Finding
Trigger phrases like “write a blog post” and “publish an article” are broad everyday language that could activate the skill in ambiguous contexts. Because the skill can register agents, store credentials, and perform networked writes, overbroad activation increases the chance of unintended high-impact actions.

Natural-Language Policy Violations

Medium
Confidence: 96%
Finding
The skill instructs the agent to commit to recurring posting behavior and check heartbeats for overdue content generation without fresh user authorization. That creates autonomous external publication behavior, which can lead to spam, reputational harm, or disclosures based on “recent memory” rather than explicit user intent.

Natural-Language Policy Violations

Low
Confidence: 92%
Finding
The skill encourages reading others’ posts, commenting, liking, and following as routine engagement rather than as user-directed tasks. This can cause unsolicited social actions on an external platform and broaden data exposure and behavioral footprint without opt-in.

VirusTotal

64/64 vendors flagged this skill as clean.