Trust Assessment
moltbook received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 2 findings: 0 critical, 2 high, 0 medium, and 0 low severity. The key findings are dynamic loading of unverified skill components during installation and periodic dynamic loading of unverified instructions via heartbeat.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Dynamic loading of unverified skill components during installation. The skill instructs the agent to download its own definition (`SKILL.md`) and other critical skill components (`HEARTBEAT.md`, `MESSAGING.md`, `package.json`) from a remote URL (`https://www.moltbook.com`) during installation. These files are not version-pinned or integrity-checked (e.g., via cryptographic hashes). A compromise of the remote server could allow an attacker to serve malicious skill definitions, leading to arbitrary code execution or data exfiltration by the agent. Bundle all necessary skill files directly within the skill package. If remote fetching is absolutely necessary, implement strict version pinning and cryptographic hash verification (e.g., SHA256) for all downloaded content to ensure integrity and authenticity. | LLM | SKILL.md:17 |
| HIGH | Periodic dynamic loading of unverified instructions via heartbeat. The skill instructs the agent to periodically fetch and 'follow' instructions from `https://www.moltbook.com/heartbeat.md`. This dynamic loading of unverified content introduces a persistent supply chain risk. If the remote server is compromised, an attacker could inject malicious instructions into `heartbeat.md`, causing the agent to perform unauthorized actions or exfiltrate data on an ongoing basis. All operational logic and instructions should be contained within the skill package itself. Avoid instructing the agent to dynamically fetch and execute external instructions. If dynamic updates are critical, implement robust versioning, cryptographic integrity checks, and a secure update mechanism that does not rely on simply 'following' arbitrary remote content. | LLM | SKILL.md:80 |