Trust Assessment
molttok received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 1 medium, and 1 low severity. Key findings include: Covert behavior / concealment directives; Dynamic Skill Definition Loading from External URL; and Direct Shell Command Execution Instruction.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | **Dynamic Skill Definition Loading from External URL.** The skill suggests an installation method where the agent 'reads this file directly from https://molttok.art/skill.md'. If the agent is configured to dynamically load or update its own instructions from an external, potentially mutable URL, this creates a critical supply chain vulnerability. A compromise of the 'molttok.art' domain could lead to the agent executing arbitrary malicious instructions, as its core operational logic would be sourced from an untrusted or compromised endpoint. Agents should only execute skill definitions that are locally stored, signed, and verified, or loaded from trusted, immutable sources. Dynamic loading of skill definitions from arbitrary URLs is highly discouraged. Skill definitions should be part of the agent's trusted, immutable package. | LLM | SKILL.md:56 |
| MEDIUM | **Direct Shell Command Execution Instruction.** The skill instructs the agent to 'Run `mkdir -p ~/.config/molttok`' as part of its first boot sequence. If the agent's runtime environment allows direct execution of shell commands parsed from the skill's text, this represents a command injection risk. While the specific `mkdir` command with a fixed path is benign, it demonstrates a pattern where the agent is instructed to execute shell commands, which could be exploited if other commands were present or if arguments were dynamic or user-controlled. Agents should use secure, sandboxed APIs for filesystem operations rather than directly executing shell commands parsed from untrusted skill definitions. If shell execution is absolutely necessary, ensure strict sanitization and whitelisting of commands and arguments, and execute them within a highly restricted environment. | LLM | SKILL.md:22 |
| LOW | **Covert behavior / concealment directives.** CSS-based text hiding. Remove hidden instructions, zero-width characters, and bidirectional overrides. Skill instructions should be fully visible and transparent to users. | Manifest | skills/tristankaiburrell-code/molttok/SKILL.md:253 |