Trust Assessment
moltrock received a trust score of 55/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 2 critical, 1 high, 1 medium, and 1 low severity. Key findings include Missing required field: name, Node lockfile missing, Command Injection via user-controlled JSON data in curl POST.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Command Injection via user-controlled JSON data in curl POST The 'contribute' command constructs a JSON payload for a curl POST request by directly interpolating user-supplied variables (CHAIN, AMOUNT, agentAddress) into a double-quoted string. If an attacker provides input containing shell metacharacters (e.g., `"; rm -rf /; #`), they can break out of the JSON string and execute arbitrary shell commands on the host system. Sanitize or properly escape all user-supplied variables before embedding them into the JSON string. A safer approach is to construct the JSON payload using a dedicated JSON tool like `jq` (e.g., `jq -n --arg chain "$CHAIN" ... '{"chain": $chain, ...}'`) and pipe its output to `curl -d @-`. | LLM | run.sh:73 | |
| CRITICAL | Command Injection via user-controlled URL path in curl GET The 'portfolio' command constructs a URL for a curl GET request by directly interpolating the user-supplied 'ADDR' variable into the URL path. If an attacker provides input containing shell metacharacters (e.g., `123; rm -rf /; #`), they can break out of the URL string and execute arbitrary shell commands on the host system. URL-encode the user-supplied 'ADDR' variable before embedding it into the URL path. Additionally, validate the 'ADDR' input to ensure it conforms to expected address formats (e.g., alphanumeric characters only). | LLM | run.sh:88 | |
| HIGH | Data Exfiltration via configurable API endpoint The `MOLTROCK_API` variable, used for all API interactions, can be overridden by the `MOLTROCK_API_URL` environment variable. If an attacker can control this environment variable, they can redirect all API calls (including those containing user-supplied data like contribution amounts or wallet addresses) to a malicious server, leading to data exfiltration. Restrict the ability to set or override the `MOLTROCK_API_URL` environment variable from untrusted sources. If configuration is necessary, ensure it's done through a trusted mechanism or validate the URL before use to prevent redirection to arbitrary endpoints. | LLM | run.sh:16 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/sloof13/moltrock/SKILL.md:1 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/sloof13/moltrock/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/956174dc27e3f263)
Powered by SkillShield