Trust Assessment
MoltiumV2 received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 6 findings: 0 critical, 5 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Path Traversal in Strategy ID (create_strategy.mjs), Path Traversal in Strategy ID (ctl.mjs).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | Path Traversal in Strategy ID (create_strategy.mjs): The `create_strategy.mjs` script constructs file paths using the `--id` argument from `process.argv` without sanitization. An attacker can use path traversal sequences (e.g., `../`) in the `--id` argument to write the `strategy.json` file to an arbitrary location on the filesystem. This could lead to overwriting critical system files, creating malicious configuration files, or exfiltrating data by writing to publicly accessible directories. Sanitize the `id` argument to prevent path traversal. Ensure it only contains alphanumeric characters, hyphens, and underscores, or use a library that safely resolves paths. For example, validate `id` against a regex like `^[a-zA-Z0-9_-]+$`. | LLM | tools/moltium/local/autostrategy/create_strategy.mjs:34 |
| HIGH | Path Traversal in Strategy ID (ctl.mjs): The `ctl.mjs` script, when handling strategy-related commands (e.g., `enable`, `disable`, `status`), uses the `--id` argument from `process.argv` to construct file paths via `strategyPath(id)`. If the `id` contains path traversal sequences (e.g., `../`), an attacker could manipulate which `strategy.json` file is read or written, potentially leading to unauthorized modification of strategy configurations or information disclosure. Sanitize the `id` argument to prevent path traversal. Ensure it only contains alphanumeric characters, hyphens, and underscores, or use a library that safely resolves paths. For example, validate `id` against a regex like `^[a-zA-Z0-9_-]+$`. | LLM | tools/moltium/local/autostrategy/ctl.mjs:29 |
| HIGH | Path Traversal in Strategy ID (runtime_tick.mjs): The `runtime_tick.mjs` script uses the `--id` argument from `process.argv` to construct paths for strategy, state, runs, events, and lock files. If `id` contains path traversal sequences (e.g., `../`), an attacker could read, write, or lock files outside the intended strategy directories. This could lead to data exfiltration, denial of service (by locking arbitrary files), or corruption of other skill data. Sanitize the `id` argument to prevent path traversal. Ensure it only contains alphanumeric characters, hyphens, and underscores, or use a library that safely resolves paths. For example, validate `id` against a regex like `^[a-zA-Z0-9_-]+$`. | LLM | tools/moltium/local/autostrategy/runtime_tick.mjs:26 |
| HIGH | Path Traversal in Strategy ID (status.mjs): The `status.mjs` script iterates through strategy IDs obtained from `fs.readdirSync`. If a malicious strategy ID containing path traversal sequences (e.g., `../`) exists on the filesystem (due to a prior exploit of `create_strategy.mjs`), this script could attempt to read `strategy.json` or state files from arbitrary locations. This could lead to information disclosure or unexpected behavior. Sanitize the `id` values obtained from `fs.readdirSync` before using them in `path.join`. Ensure they only contain alphanumeric characters, hyphens, and underscores, or use a library that safely resolves paths. This is a secondary defense; the primary fix should be in `create_strategy.mjs`. | LLM | tools/moltium/local/autostrategy/status.mjs:20 |
| HIGH | Path Traversal in Strategy ID (watchdog_tick.mjs): The `watchdog_tick.mjs` script uses the `--id` argument from `process.argv` to construct paths for state and lock files. If `id` contains path traversal sequences (e.g., `../`), an attacker could manipulate which files are checked for staleness or lock status. This could lead to information disclosure about arbitrary files or interfere with other processes by checking or manipulating their lock files. Sanitize the `id` argument to prevent path traversal. Ensure it only contains alphanumeric characters, hyphens, and underscores, or use a library that safely resolves paths. For example, validate `id` against a regex like `^[a-zA-Z0-9_-]+$`. | LLM | tools/moltium/local/autostrategy/watchdog_tick.mjs:17 |
| MEDIUM | Unpinned npm dependency version: Dependency `@coral-xyz/borsh` is not pinned to an exact version (`^0.32.1`). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/cariciman/moltiumv2/package.json |
Full report: https://skillshield.io/report/8ecd4a78fcfad54a