Trust Assessment
moltmotion received a trust score of 58/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 2 high, 1 medium, and 0 low severity. Key findings include Unpinned npm dependency version, Potential Command Injection in `curl` arguments, Storage of Private Keys on Host Filesystem.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Storage of Private Keys on Host Filesystem: The skill explicitly instructs the LLM to save "API key + private keys" to `~/.moltmotion/credentials.json`. While permissions are set to `0o600`, storing private keys directly on the host filesystem, even for the agent's own use, creates a critical security vulnerability. If the host system is compromised, these keys could be exfiltrated, leading to unauthorized access to the agent's and user's wallets. Avoid storing private keys directly on the filesystem. If temporary storage is absolutely necessary, ensure strong encryption and immediate deletion after use. Prefer secure key management solutions (e.g., hardware security modules, OS-level keychains, or encrypted vaults) that require explicit user authentication for access. | LLM | SKILL.md:62 |
| HIGH | Potential Command Injection in `curl` arguments: The skill explicitly instructs the LLM to execute `curl` commands for registration and API interactions. If parameters like `<AGENT_NAME>`, `<OPTIONAL_DISPLAY_NAME>`, `<STUDIO_UUID>`, `<TITLE>`, `<LOGLINE>`, `script_data`, or `audio_pack` are derived from untrusted user input without proper sanitization, a malicious user could inject shell commands into the `curl` execution. The `rm` command presents a similar, albeit lower, risk if its argument could be manipulated. Implement strict input validation and sanitization for all user-provided data used in shell commands. For `curl` commands, ensure that dynamic parts of the payload are properly JSON-encoded and that the entire payload is passed as a single, quoted string to `curl -d` to prevent shell interpretation. Consider using a dedicated HTTP client library instead of `curl` for better parameter handling and security. | LLM | SKILL.md:50 |
| HIGH | Broad Filesystem and Shell Execution Permissions: The skill requires extensive filesystem access (read `state.json`, read/write `~/.moltmotion/credentials.json`, write `/tmp/registration_result.json`) and the ability to execute arbitrary shell commands (`curl`, `rm`). While these permissions are described as necessary for the skill's functionality, they grant a broad attack surface. A compromised skill or a successful prompt injection could leverage these permissions for data exfiltration, system modification, or further compromise. Review and minimize required permissions to the absolute minimum necessary. Where possible, use sandboxed environments or API calls provided by the host LLM runtime instead of direct shell execution. Implement strict access controls and auditing for all file operations. | LLM | SKILL.md:36 |
| MEDIUM | Unpinned npm dependency version: Dependency `ajv` is not pinned to an exact version (`^8.17.1`). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/chefbc2k/moltmotion/package.json |