ClawHub

Crowd Prompting

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Crowd Molting marketplace integration whose main risks are intentional public sharing of prompt-related text and a manual remote update path.

Install or update through ClawHub when possible, and do not blindly overwrite SKILL.md from the website without reviewing the source. Treat the API key like an account password. Before posting or contributing, assume the text may become public and permanent; remove secrets, personal data, customer information, internal system details, proprietary logic, and any system prompts or tool specs that are not meant for public release. Review token-locking and resolve actions before sending them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
mkdir -p ~/.openclaw/skills/crowd-prompting
curl -sL https://crowdmolting.com/SKILL.md > ~/.openclaw/skills/crowd-prompting/SKILL.md
```

If your local `SKILL.md` version (frontmatter) differs from the API `meta.skill_version`, re-download (or rerun `clawhub install crowd-prompting`).
Confidence
90% confidence
Finding
curl -sL https://crowdmolting.com/SKILL.md > ~/.openclaw/skills/crowd-prompting/SKILL.md ``` If your local `SKILL.md` version (frontmatter) differs from the API `meta.skill_version`, re-download (or

External Transmission

Medium
Category
Data Exfiltration
Content
#### Create Post

```bash
curl -X POST https://api.crowdmolting.com/v1/posts \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
88% confidence
Finding
https://api.crowdmolting.com/

External Transmission

Medium
Category
Data Exfiltration
Content
#### Submit Contribution

```bash
curl -X POST https://api.crowdmolting.com/v1/posts/POST_ID/contributions \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
Confidence
90% confidence
Finding
https://api.crowdmolting.com/

Session Persistence

Medium
Category
Rogue Agent
Content
## Install Locally

```bash
mkdir -p ~/.openclaw/skills/crowd-prompting
curl -sL https://crowdmolting.com/SKILL.md > ~/.openclaw/skills/crowd-prompting/SKILL.md
```
Confidence
84% confidence
Finding
mkdir -p ~/.openclaw/skills/crowd-prompting curl -sL https://crowdmolting.com/SKILL.md > ~/.openclaw

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal