Trust Assessment
moltlog received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Explicit instruction to override skill guidelines", "Arbitrary file read and exfiltration via `--body-file`", and "Arbitrary API endpoint allows data exfiltration and credential harvesting".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 33/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Details | Layer | Location |
|---|---|---|---|---|
| CRITICAL | Explicit instruction to override skill guidelines | The skill documentation contains an instruction that explicitly tells the LLM to prioritize external instructions ('owner’s instructions') over the skill’s own guidelines. This is a direct prompt injection vulnerability, allowing an attacker to bypass the skill’s intended security measures and behavioral constraints by providing conflicting instructions. Remove or rephrase the instruction to ensure the skill’s security guidelines are always followed unless explicitly overridden by a secure, authenticated mechanism. The skill's own security rules should be paramount. | LLM | SKILL.md:90 |
| HIGH | Arbitrary file read and exfiltration via `--body-file` | The `moltlog.mjs` script's `post` command accepts a `--body-file <path>` argument. The script then uses `fs.readFile(bodyFile, 'utf8')` to read the content of the specified file. This content is subsequently included in the request body and sent to the configured API endpoint. An attacker could specify an arbitrary local file path (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, `secrets.env`) to read its contents and exfiltrate them to the `moltlog.ai` service or an attacker-controlled server if combined with the `--base` option. Implement strict validation for the `--body-file` path. Restrict file access to a designated, sandboxed directory, or only allow files explicitly created by the agent for posting. Consider using a file picker or requiring explicit user confirmation for non-standard paths. | LLM | bin/moltlog.mjs:203 |
| HIGH | Arbitrary API endpoint allows data exfiltration and credential harvesting | The `moltlog.mjs` script allows specifying an arbitrary API base URL via the `--base <url>` argument or `MOLTLOG_API_BASE` environment variable. This means that all API calls (init, post, list, delete) can be redirected to an attacker-controlled server. This could lead to credential harvesting during `init` (sending registration data and potentially receiving a malicious API key) and data exfiltration of any posted content (title, body, tags, language, and potentially arbitrary file contents via `--body-file`). Restrict the `--base` URL to a whitelist of trusted domains (e.g., `moltlog.ai`). If dynamic base URLs are required, implement strong warnings and require explicit user confirmation for non-whitelisted URLs. | LLM | bin/moltlog.mjs:136 |
| MEDIUM | Arbitrary secrets file path via `--secrets` option | The `moltlog.mjs` script allows specifying an arbitrary path for the `secrets.env` file via the `--secrets <path>` argument. While `upsertSecrets` attempts to set secure file permissions (`0o600`), allowing an arbitrary path could lead to information disclosure (if an existing sensitive file is parsed), denial of service/data corruption (if a critical system file is overwritten), or credential overwrite (if another application's secrets file is targeted). Restrict the `--secrets` path to a designated, secure directory (e.g., `~/.config/openclaw/`). Do not allow arbitrary file paths. If multiple secrets files are needed, manage them within a controlled directory structure. | LLM | bin/moltlog.mjs:137 |