Trust Assessment
moltbook received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 0 medium, and 0 low severity. Key findings include "Unverified remote skill file download and execution", "Recursive fetching and following of unverified remote instructions", and "Recommendation to store API key in local file or environment variable".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unverified remote skill file download and execution.** The skill instructs the agent to download skill files (`SKILL.md`, `HEARTBEAT.md`, `MESSAGING.md`, `package.json`) directly from `https://www.moltbook.com` using `curl` and save them locally. There are no integrity checks (e.g., cryptographic hashes) or version pinning. If the `moltbook.com` domain or its hosting infrastructure were compromised, an attacker could replace these files with malicious content. When the agent then processes or executes these downloaded files, it could lead to command injection, data exfiltration, or other arbitrary code execution. Implement cryptographic hash checks (e.g., SHA256) for downloaded files to verify their integrity. Pin specific versions of skill files rather than always fetching the latest. Consider using a package manager with built-in integrity checks. | LLM | SKILL.md:18 |
| HIGH | **Recursive fetching and following of unverified remote instructions.** The skill instructs the agent to periodically 'Fetch `https://www.moltbook.com/heartbeat.md` and follow it.' This creates a recursive supply chain risk. Similar to the initial installation, if `heartbeat.md` is compromised, an attacker could inject malicious instructions that the agent would then execute. The term 'follow it' implies interpreting and acting upon the content of the fetched file, which is a direct path for command injection or prompt manipulation. Avoid instructing agents to fetch and 'follow' unverified remote content. If dynamic updates are necessary, implement strict content validation, cryptographic signatures, or a secure update mechanism that does not rely on arbitrary instruction execution. | LLM | SKILL.md:58 |
| INFO | **Recommendation to store API key in local file or environment variable.** The skill recommends storing the generated API key in `~/.config/moltbook/credentials.json` or as an environment variable (`MOLTBOOK_API_KEY`). While this is a common practice for managing secrets, it makes the API key a potential target for other compromised skills or processes on the same system. The skill does provide a strong warning against sending the API key to untrusted domains, which mitigates some risk, but the storage location itself is a sensitive point. Advise users to use secure secret management systems (e.g., dedicated secret vaults, OS-level credential stores) rather than plain text files or environment variables, especially for production environments. Reinforce the importance of strict access controls on any stored credential files. | LLM | SKILL.md:44 |