Trust Assessment
moltbook received a trust score of 64/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 2 high, 1 medium, and 1 low severity. Key findings, in severity order: Potential Data Exfiltration via File Upload Functionality (high), Direct Download of Skill Files from External URL (high), Filesystem Write Access During Installation (medium), and Node lockfile missing (low).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Potential Data Exfiltration via File Upload Functionality.** The skill provides functionality to upload an avatar or banner using `curl -F 'file=@/path/to/image.png'`. This command allows the agent to specify an arbitrary local file path for upload. While the intent is to upload image files, an agent could be manipulated or tricked into uploading sensitive local files (e.g., configuration files, credentials, or personal data) to the remote Moltbook server. Agents should implement strict validation and user confirmation before uploading any local files, especially if the file path is derived from untrusted input. Consider restricting file upload capabilities to specific directories or file types. The skill developer should clarify that only image files are expected and provide guidance on safe file selection. | LLM | SKILL.md:349 |
| HIGH | **Direct Download of Skill Files from External URL (Supply Chain Risk).** The skill's installation instructions involve directly downloading skill files (SKILL.md, HEARTBEAT.md, MESSAGING.md, package.json) from `https://www.moltbook.com`. If this domain were compromised, an attacker could replace the legitimate skill files with malicious versions. An agent following these instructions would then download and potentially execute compromised code, leading to a supply chain attack. Implement mechanisms for verifying the integrity and authenticity of downloaded skill files (e.g., cryptographic signatures, checksums). Consider hosting skill files on a trusted, immutable content delivery network or using a package manager that provides integrity checks. Agents should be configured to only install skills from trusted sources. | LLM | SKILL.md:20 |
| MEDIUM | **Filesystem Write Access During Installation.** The skill's installation instructions explicitly direct the agent to download files from a remote URL and write them to the local filesystem at `~/.moltbot/skills/moltbook/`. While necessary for skill installation, this highlights the requirement for the agent to have filesystem write permissions, which could be abused if the source URL is compromised or if the agent is tricked into writing to sensitive locations. Ensure the agent executes skill installation commands within a sandboxed environment with restricted write access. Implement strict validation and allowlisting for target directories. | LLM | SKILL.md:20 |
| LOW | **Node lockfile missing.** package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/sarielwang93/moltbook-backup/package.json |
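The three LLM-layer findings above all concern shell commands the skill asks an agent to run verbatim. The following is an added example of how those two commands could be wrapped before an agent executes them; it is not code from the moltbook skill or from SkillShield. It covers the upload finding (validate that the path is a regular, non-symlink PNG/JPEG under an allowed directory before `curl -F` sees it) and the download/write findings (verify a pinned SHA-256 before anything is written, and only write flat filenames into the skill directory, atomically). The upload endpoint URL, the allowed image directory, and the pinned digests are placeholders: the page does not give them, so they are assumptions the caller supplies.

```shell
#!/bin/sh
# Hardened wrappers for the two agent-facing operations flagged in the findings.
# Added example, not part of the moltbook skill. Assumptions (hypothetical):
# MOLTBOOK_UPLOAD_URL, MOLTBOOK_IMAGE_DIR and the pinned SHA-256 digests are
# placeholders the operator would have to supply.

# canon PATH: canonical absolute path with symlinks resolved. Uses realpath(1)
# when present, otherwise resolves the parent directory with pwd -P.
canon() {
  if command -v realpath >/dev/null 2>&1; then
    realpath -- "$1"
    return
  fi
  canon_dir=$(cd "$(dirname -- "$1")" 2>/dev/null && pwd -P) || return 1
  printf '%s/%s\n' "$canon_dir" "$(basename -- "$1")"
}

# path_under ABS ROOT: succeed only if ABS lies strictly inside directory ROOT.
path_under() {
  case "$1" in
    "$2"/*) return 0 ;;
    *)      return 1 ;;
  esac
}

# is_image FILE: accept only files whose leading bytes are a PNG or JPEG signature.
is_image() {
  img_magic=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
  case "$img_magic" in
    89504e470d0a1a0a*) return 0 ;;   # PNG
    ffd8ff*)           return 0 ;;   # JPEG
    *)                 return 1 ;;
  esac
}

# check_upload_path FILE ALLOWED_DIR: the validation curl -F 'file=@...' lacks.
# Rejects symlinks, non-regular files, anything outside ALLOWED_DIR, and non-images.
check_upload_path() {
  up_file=$1
  up_root=$(canon "$2") || return 1
  [ -L "$up_file" ] && { echo "reject: $up_file is a symlink" >&2; return 1; }
  [ -f "$up_file" ] || { echo "reject: $up_file is not a regular file" >&2; return 1; }
  up_abs=$(canon "$up_file") || return 1
  path_under "$up_abs" "$up_root" || { echo "reject: $up_abs is outside $up_root" >&2; return 1; }
  is_image "$up_file" || { echo "reject: $up_file is not a PNG/JPEG" >&2; return 1; }
}

# upload_avatar FILE: validate, then upload. Endpoint and form field are assumed.
upload_avatar() {
  check_upload_path "$1" "${MOLTBOOK_IMAGE_DIR:-$HOME/Pictures/moltbook}" || return 1
  curl -fsS --proto '=https' -F "file=@$1" \
    "${MOLTBOOK_UPLOAD_URL:?set to the upload endpoint named in SKILL.md}"
}

# sha256_of FILE: hex digest via sha256sum, falling back to shasum -a 256 (macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# install_verified SRC EXPECTED_SHA256 NAME SKILL_DIR: fail closed unless SRC matches
# the pinned digest; NAME must be a single plain filename so the write cannot leave
# SKILL_DIR; the write is atomic (temp file, then rename).
install_verified() {
  inst_src=$1; inst_expected=$2; inst_name=$3
  inst_root=$(canon "$4") || return 1
  case "$inst_name" in
    ''|*/*|.*) echo "reject: bad skill file name '$inst_name'" >&2; return 1 ;;
  esac
  inst_actual=$(sha256_of "$inst_src") || return 1
  if [ "$inst_actual" != "$inst_expected" ]; then
    echo "reject: $inst_src sha256 $inst_actual != pinned $inst_expected" >&2
    return 1
  fi
  cp "$inst_src" "$inst_root/.$inst_name.tmp" &&
    mv "$inst_root/.$inst_name.tmp" "$inst_root/$inst_name"
}

# fetch_and_install URL EXPECTED_SHA256 NAME SKILL_DIR: the download step from the
# install instructions, with the integrity check the instructions omit.
fetch_and_install() {
  fetch_tmp=$(mktemp) || return 1
  if curl -fsS --proto '=https' -o "$fetch_tmp" "$1" &&
     install_verified "$fetch_tmp" "$2" "$3" "$4"; then
    rm -f "$fetch_tmp"
  else
    rm -f "$fetch_tmp"; return 1
  fi
}

# Usage (the URL path and digest are placeholders the skill would have to publish):
#   upload_avatar "$HOME/Pictures/moltbook/avatar.png"
#   fetch_and_install "https://www.moltbook.com/<path from SKILL.md>" <sha256> SKILL.md \
#       "$HOME/.moltbot/skills/moltbook"
```

The digest check only helps if the pinned value comes from somewhere other than the same server that serves the file (a signed release note, the skill registry listing, or a value the user pastes in); otherwise a compromised `www.moltbook.com` would simply publish matching digests for the malicious files. The single-component filename rule is deliberately stricter than the skill needs, since it installs only four flat files.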
Full report: https://skillshield.io/report/95089b762573018c
Powered by SkillShield