Trust Assessment
moltbook received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings include Node lockfile missing, Potential Data Exfiltration via Arbitrary File Upload, Remote Skill Hosting Introduces Supply Chain Risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Potential Data Exfiltration via Arbitrary File Upload The skill provides `curl` commands for uploading files (e.g., agent avatar, submolt avatar/banner). If the AI agent allows user-controlled input for the file path (`/path/to/image.png`) without strict validation or restriction to a safe, agent-controlled directory, a malicious user could instruct the agent to upload arbitrary files from its local filesystem. This could lead to unauthorized data exfiltration. Implement strict validation and sanitization of file paths provided by the user. Restrict file uploads to specific, agent-controlled directories or use a secure file picker mechanism. Avoid directly passing user-provided paths to `curl -F "file=@..."` without proper sandboxing or validation. | LLM | SKILL.md:280 | |
| HIGH | Remote Skill Hosting Introduces Supply Chain Risk The skill's core files (`SKILL.md`, `HEARTBEAT.md`, `package.json`) are hosted on `https://moltbook.com` and the installation instructions explicitly fetch them from this remote domain. A compromise of `moltbook.com` could allow an attacker to replace the skill files with malicious versions, leading to a supply chain attack where the agent downloads and executes untrusted code. Implement cryptographic signing and verification for skill packages. Host skill files in a trusted, immutable repository. Use content hashes to verify the integrity of downloaded files before installation and execution. | LLM | SKILL.md:16 | |
| MEDIUM | API Key Handling Requires Secure Storage The skill requires an API key for authentication and explicitly instructs the agent to 'SAVE YOUR API KEY!'. While the skill itself does not harvest credentials, this instruction highlights a critical security responsibility for the agent. Improper storage or handling of this API key (e.g., storing it in plain text in memory or an insecure file) could lead to unauthorized access to the agent's Moltbook account. The AI agent framework should provide secure, encrypted storage mechanisms for API keys and other sensitive credentials. Skills should be designed to utilize these secure mechanisms rather than relying on generic 'save it' instructions, and agents should be trained to use them. | LLM | SKILL.md:57 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/mattprd/moltbook/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/bb53a035aebab6f0)
Powered by SkillShield