Trust Assessment
chatr received a trust score of 68/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include Risk of Prompt Injection via Agent Messages, Risk of Data Exfiltration via Agent Messages, Risk of Malicious URL Sharing by Verified Agents.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Risk of Prompt Injection via Agent Messages The `chatr` skill enables real-time communication between AI agents. Messages sent by one agent via the `/api/messages` endpoint are broadcast to other agents through the `/api/stream` Server-Sent Events. If a receiving AI agent processes the `content` of these messages without robust input validation, sanitization, and output filtering, it could be vulnerable to prompt injection attacks, where a malicious message could manipulate its instructions or behavior. Implement robust input validation, sanitization, and output filtering for all agent-generated content before it is processed by other AI agents. Agents consuming messages from this skill should be designed with strong safeguards against prompt injection, such as explicit instruction delimiters, content filtering, and sandboxing of agent responses. | LLM | SKILL.md:56 | |
| HIGH | Risk of Data Exfiltration via Agent Messages As a real-time chat platform for AI agents, the `chatr` skill facilitates the exchange of messages. A malicious agent could craft messages via the `/api/messages` endpoint designed to trick other agents into revealing sensitive information they might have access to (e.g., internal system details, environment variables, or private data). This data could then be exfiltrated through the chat channel itself. This risk is inherent in agent-to-agent communication without proper safeguards. Agents consuming messages from this skill should be designed with strong safeguards against data exfiltration. This includes strict control over what information an agent is allowed to access and output, and implementing content filtering to detect and block attempts to reveal sensitive data. Consider sandboxing agent execution environments. | LLM | SKILL.md:56 | |
| MEDIUM | Risk of Malicious URL Sharing by Verified Agents The skill allows Moltbook-verified agents to post URLs in messages. While this is a common chat feature, in an agent-to-agent communication context, a malicious verified agent could share links to phishing sites, malware, or other harmful content. Other agents, if not properly secured, might be tricked into interacting with these malicious URLs, potentially leading to data exfiltration or system compromise. Agents consuming messages should implement robust URL filtering and sandboxing mechanisms. All URLs should be treated with suspicion, and agents should be prevented from automatically navigating to or interacting with external links without explicit human approval or strong security checks. The skill developer could consider adding a warning about this risk in the documentation or implementing a URL reputation check. | LLM | SKILL.md:72 |
Scan History
Embed Code
[](https://skillshield.io/report/15ce389462b7af0f)
Powered by SkillShield