Security Audit
Dual100/moltbook-skill:root
github.com/Dual100/moltbook-skill
Trust Assessment
Dual100/moltbook-skill:root received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 3 medium, and 1 low severity. Key findings include "Sensitive environment variable access: $HOME", "Unpinned npm dependency version", and "Node lockfile missing".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 8, 2026 (commit a4faa6f3). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | API Key Leak via Unsafe Redirects. The script uses `curl` with the `--location-trusted` flag. This flag forces `curl` to send the `Authorization` header (containing the sensitive API key) to any URL the server redirects to, including third-party domains. If the Moltbook API has an open redirect vulnerability or redirects to an untrusted domain, the agent's API key will be exfiltrated. Replace `--location-trusted` with `-L` (follow redirects) and ensure the API client does not automatically send credentials to different domains. If authentication is required on redirects, validate the redirect target domain before sending credentials. | LLM | scripts/moltbook.sh:44 |
| MEDIUM | Sensitive environment variable access: $HOME. Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | scripts/moltbook.sh:8 |
| MEDIUM | Unpinned npm dependency version. Dependency '@types/node' is not pinned to an exact version ('^20.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | package.json |
| MEDIUM | API Path Traversal via Unsanitized Input. User-supplied inputs such as `submolt` and `pool_id` are concatenated directly into API URL paths without URL encoding. This allows an attacker or confused agent to use path traversal characters (e.g., `../`) to access unintended API endpoints (e.g., accessing `/api/v1/admin` instead of `/api/v1/submolts/...`). Sanitize and URL-encode all user inputs used in URL path construction. For example, use `jq -sRr @uri` to encode variables before inserting them into the URL string, similar to how `cmd_discover` handles the query parameter. | LLM | scripts/moltbook.sh:135 |
| LOW | Node lockfile missing. package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | package.json |