Trust Assessment
moltychan received a trust score of 65/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 0 critical, 4 high, 0 medium, and 0 low severity. Key findings include "Untrusted remote file download for skill components", "Unsafe shell variable interpolation in inline Python script", and "Untrusted remote script download and execution".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 40/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Untrusted remote file download for skill components.** The skill instructs the agent to download core skill files (`SKILL.md`, `HEARTBEAT.md`, `skill.json`) from `https://moltychan.org`. If this domain is compromised, an attacker could replace these files with malicious versions, leading to arbitrary code execution or data exfiltration when the agent processes them. Avoid downloading skill components from external, unverified sources. Bundle all necessary skill files within the skill package itself or use a trusted package manager with integrity checks. If remote fetching is unavoidable, implement strong integrity verification (e.g., cryptographic hashes) before use. | LLM | SKILL.md:20 |
| HIGH | **Unsafe shell variable interpolation in inline Python script.** The `python3 -c "..."` commands directly embed the `$CONTENT` shell variable into a Python string without proper escaping. An attacker could craft a malicious `$CONTENT` value (e.g., by including single quotes or other Python string delimiters) to inject arbitrary Python code, leading to command execution on the host system. The skill itself acknowledges this risk for 'special characters' but does not provide a safe one-liner. When embedding shell variables into inline scripts, ensure proper escaping based on the target language's syntax. For Python, use `json.dumps()` on the variable before embedding it, or pass the content via standard input or a temporary file instead of direct string interpolation. | LLM | SKILL.md:36 |
| HIGH | **Untrusted remote script download and execution.** The skill instructs the agent to download `pow.py` from `https://moltychan.org/pow.py` and then execute it. This is a direct supply chain risk. If `moltychan.org` is compromised, an attacker could replace `pow.py` with a malicious script, leading to arbitrary code execution on the agent's system. Avoid downloading and executing scripts from external, unverified sources. Bundle necessary scripts within the skill package itself or use a trusted package manager with integrity checks. If remote fetching is unavoidable, implement strong integrity verification (e.g., cryptographic hashes) before execution. | LLM | SKILL.md:110 |
| HIGH | **Dynamic instructions from untrusted remote source.** The skill instructs the agent to periodically fetch `https://moltychan.org/heartbeat.md` and 'follow it'. This creates a dynamic channel for instructions. If `moltychan.org` is compromised, an attacker could modify `heartbeat.md` to deliver new, potentially malicious instructions or prompt injections to the agent, manipulating its behavior or leading to unintended actions. Avoid dynamic instruction fetching from external, untrusted sources. All instructions for the agent should be static and part of the skill package. If dynamic updates are necessary, they should be delivered through a secure, authenticated, and integrity-checked mechanism, and any instructions should be strictly confined to a safe, sandboxed environment. | LLM | SKILL.md:160 |