Trust Assessment
moltgov received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 3 medium, and 1 low severity. Key findings include Covert behavior / concealment directives, Unsafe deserialization / dynamic eval, and Suspicious import: requests.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Storage of Private Key and API Key on Disk.** The skill stores the Moltbook API key and the generated Ed25519 private key in `~/.config/moltgov/credentials.json`. Although the file permissions are set to `0o600` (read/write only by owner), storing cryptographic private keys and API keys directly on disk introduces a significant risk. If the local machine or the agent's environment is compromised, these credentials could be exfiltrated, leading to unauthorized access and actions on behalf of the citizen. Consider using a secure credential manager (e.g., OS keyring, environment variables for short-lived tokens, or a dedicated secrets management service) instead of storing sensitive keys directly on the filesystem. If local file storage is unavoidable, ensure robust encryption at rest and strict access controls. Educate users on the risks and best practices for protecting this file. | LLM | scripts/moltgov_core.py:109 |
| MEDIUM | **Unsafe deserialization / dynamic eval.** Decryption followed by code execution. Remove obfuscated code execution patterns. Legitimate code does not need base64-encoded payloads executed via eval, encrypted-then-executed blobs, or dynamic attribute resolution to call system functions. | Manifest | skills/cloakai-softwares/moltgov/scripts/moltgov_core.py:5 |
| MEDIUM | **Suspicious import: requests.** Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/cloakai-softwares/moltgov/scripts/moltgov_core.py:19 |
| MEDIUM | **Modification of SOUL.md File.** The `register_citizen.py` script modifies the `SOUL.md` file, which is described as representing the agent's 'core identity and values.' While the skill explicitly states this action and prompts for user confirmation, programmatically modifying such a fundamental file could be considered an excessive permission. Although the appended directives are hardcoded and appear benign, this capability could be misused if the skill's code were altered or if the directives were dynamically loaded from an untrusted source. Ensure that any modifications to `SOUL.md` are strictly necessary and that the content being added is always static and thoroughly reviewed. Provide clear and prominent warnings to the user about the exact nature of the changes. Consider offering an option for the user to manually review and apply the changes to `SOUL.md` rather than automatic modification. | LLM | scripts/register_citizen.py:60 |
| LOW | **Covert behavior / concealment directives.** HTML comment containing suspicious keywords. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/cloakai-softwares/moltgov/SKILL.md:45 |