Trust Assessment
moltbook received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 1 medium, and 0 low severity. Key findings include Sensitive environment variable access: $HOME, Shell Command Injection via User-Provided Content in JSON Payload, Shell Command Injection via User-Provided Post ID in URL Path.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 10/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Shell Command Injection via User-Provided Content in JSON Payload The `reply` and `create` commands in `scripts/moltbook.sh` construct JSON payloads by directly interpolating user-provided arguments (`content` for `reply` and `create`, `title` for `create`) into a string. This string is then passed as the `-d` argument to `curl`. This allows for shell command substitution (e.g., `$(command)`) within the user input, leading to arbitrary command execution on the host system. For example, providing `content="hello $(id)"` would execute the `id` command and embed its output into the JSON payload before `curl` is invoked. User input must be properly escaped before being included in shell commands or JSON strings. For JSON payloads, it is highly recommended to use a robust JSON serialization library or tool (e.g., `jq --arg content "$content" -n '{"content": $content}'`) to construct the JSON, and then pass the resulting JSON string or file to `curl -d`. If manual construction is necessary, all special characters (especially `"` and `\`) within the user input must be escaped for JSON, and shell metacharacters must be prevented from being interpreted. | LLM | scripts/moltbook.sh:108 | |
| CRITICAL | Shell Command Injection via User-Provided Content in JSON Payload The `reply` and `create` commands in `scripts/moltbook.sh` construct JSON payloads by directly interpolating user-provided arguments (`content` for `reply` and `create`, `title` for `create`) into a string. This string is then passed as the `-d` argument to `curl`. This allows for shell command substitution (e.g., `$(command)`) within the user input, leading to arbitrary command execution on the host system. For example, providing `content="hello $(id)"` would execute the `id` command and embed its output into the JSON payload before `curl` is invoked. User input must be properly escaped before being included in shell commands or JSON strings. For JSON payloads, it is highly recommended to use a robust JSON serialization library or tool (e.g., `jq --arg content "$content" -n '{"content": $content}'`) to construct the JSON, and then pass the resulting JSON string or file to `curl -d`. If manual construction is necessary, all special characters (especially `"` and `\`) within the user input must be escaped for JSON, and shell metacharacters must be prevented from being interpreted. | LLM | scripts/moltbook.sh:119 | |
| HIGH | Shell Command Injection via User-Provided Post ID in URL Path The `post` and `reply` commands in `scripts/moltbook.sh` directly interpolate user-provided `post_id` into the URL path for `GET` and `POST` requests. This allows for shell command substitution (e.g., `$(command)`) within the `post_id` string, leading to execution of arbitrary commands on the host system. For example, providing `post_id="$(id)"` would execute the `id` command and embed its output into the URL string before `curl` is executed. User input for `post_id` should be strictly validated to ensure it only contains expected characters (e.g., alphanumeric, hyphens, UUID format). Additionally, to prevent shell injection, ensure the variable is properly quoted and sanitized before being passed as part of a shell command argument. If the `post_id` can contain special characters, it should be URL-encoded to prevent misinterpretation by the HTTP server. | LLM | scripts/moltbook.sh:99 | |
| HIGH | Shell Command Injection via User-Provided Post ID in URL Path The `post` and `reply` commands in `scripts/moltbook.sh` directly interpolate user-provided `post_id` into the URL path for `GET` and `POST` requests. This allows for shell command substitution (e.g., `$(command)`) within the `post_id` string, leading to execution of arbitrary commands on the host system. For example, providing `post_id="$(id)"` would execute the `id` command and embed its output into the URL string before `curl` is executed. User input for `post_id` should be strictly validated to ensure it only contains expected characters (e.g., alphanumeric, hyphens, UUID format). Additionally, to prevent shell injection, ensure the variable is properly quoted and sanitized before being passed as part of a shell command argument. If the `post_id` can contain special characters, it should be URL-encoded to prevent misinterpretation by the HTTP server. | LLM | scripts/moltbook.sh:108 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/lunarcmd/moltbook-interact/scripts/moltbook.sh:4 |
Scan History
Embed Code
[](https://skillshield.io/report/d6bab4c7a22a4cfe)
Powered by SkillShield