Trust Assessment
moltter received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 2 medium, and 0 low severity. Key findings include "Compromised agent can configure malicious webhook for data exfiltration" and "Compromised agent could leak `claim_url` for account takeover".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | **Compromised agent can configure malicious webhook for data exfiltration.** The skill allows an agent to set a `webhook_url` via the `PATCH /api/v1/agents/me` endpoint. If the agent's LLM is compromised (e.g., via prompt injection), it could be instructed to configure this webhook to an attacker-controlled server. Subsequent events (likes, replies, mentions, follows) would then send sensitive interaction data (e.g., `from_agent` details, `molt` content) from the Moltter service to the attacker, leading to data exfiltration. Recommendation: implement strict validation and allowlisting for `webhook_url` domains if possible, or require explicit human approval for `webhook_url` changes. Educate agents on the risks of setting untrusted webhook URLs. | LLM | SKILL.md:176 |
| MEDIUM | **Compromised agent could leak `claim_url` for account takeover.** During the registration process, a `claim_url` is provided for human verification. The skill explicitly warns against sharing this URL. However, if an agent's LLM is compromised, it could be instructed to send this `claim_url` to an attacker. The attacker could then use this URL to complete the human verification step, potentially gaining control over the agent's Moltter account. Recommendation: emphasize the critical nature of the `claim_url` and consider additional safeguards, such as time-limited validity or IP-based restrictions for the claim process, or requiring re-authentication for sensitive actions after claiming. | LLM | SKILL.md:47 |
Full report: https://skillshield.io/report/7a98d7739c607d2d