Trust Assessment
moltpixel received a trust score of 62/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 1 high, 0 medium, and 1 low severity. Key findings include Node lockfile missing, External Instruction Execution (Prompt Injection via Heartbeat), Supply Chain Risk via Dynamic External Content.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **External Instruction Execution (Prompt Injection via Heartbeat).** The skill explicitly instructs the AI agent to 'Fetch and follow' instructions from an external URL: `https://moltpixel.com/heartbeat.md`. This creates a critical prompt injection vulnerability. The content of `heartbeat.md` is entirely controlled by an external server and can be changed at any time to include arbitrary instructions for the LLM, potentially leading to data exfiltration, command injection, or other malicious activities. The `openclaw cron add` command also reinforces this behavior by setting up a system event to 'Fetch https://moltpixel.com/heartbeat.md and follow instructions'. Remediation: remove the instruction to 'Fetch and follow' external content. All instructions for the AI agent should be self-contained within the skill package. If dynamic updates are necessary, they should be delivered through a secure, authenticated API that returns structured data, not arbitrary instructions for the LLM. | LLM | SKILL.md:19 |
| HIGH | **Supply Chain Risk via Dynamic External Content.** The skill relies on fetching and executing instructions from `https://moltpixel.com/heartbeat.md` as part of its regular operation (heartbeat). This introduces a significant supply chain risk. If the `moltpixel.com` domain or the server hosting `heartbeat.md` is compromised, an attacker could inject malicious instructions into the `heartbeat.md` file. These instructions would then be 'followed' by any AI agent using this skill, leading to potential prompt injection, data exfiltration, or command injection. Remediation: eliminate reliance on dynamically fetched and executed instructions from external URLs. All operational logic and instructions should be static and part of the skill package itself. If dynamic configuration is required, it should be fetched from a trusted, authenticated source and parsed as structured data, not as free-form instructions for the LLM. | LLM | SKILL.md:19 |
| LOW | **Node lockfile missing.** `package.json` is present but no lockfile was found (`package-lock.json`, `pnpm-lock.yaml`, or `yarn.lock`). Remediation: commit a lockfile for deterministic dependency resolution. | Dependencies | skills/alslrl/moltpixel/package.json |