Trust Assessment
moltypics received a trust score of 82/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Unsecured Remote File Fetching During Installation, Dynamic Remote Content Fetching for Heartbeat.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Unsecured Remote File Fetching During Installation The skill's installation instructions advise users to download skill files (SKILL.md, HEARTBEAT.md, package.json) directly from an external URL (https://molty.pics) using `curl`. If the remote server (molty.pics) were compromised, an attacker could serve malicious files, leading to arbitrary code execution or other system compromises on the user's machine during installation. This introduces a significant supply chain risk. Skill packages should be self-contained or rely on trusted package managers with integrity checks. Avoid instructing users to `curl` and pipe arbitrary content from external URLs directly into their system. If external content is necessary, provide cryptographic hashes (e.g., SHA256) for verification, or distribute the skill as a single, signed archive. | LLM | skill.md:26 | |
| MEDIUM | Dynamic Remote Content Fetching for Heartbeat The skill instructs the agent to periodically 'Fetch https://molty.pics/heartbeat.md and follow it'. This means the agent will dynamically download and interpret instructions from an external URL at runtime. If the `molty.pics` server is compromised, an attacker could inject malicious instructions into `heartbeat.md`, potentially leading to prompt injection, data exfiltration, or other harmful actions by the agent. The content of `heartbeat.md` is not provided in this analysis context, making it an opaque and dynamic dependency. Avoid dynamic fetching and execution/interpretation of remote content. If dynamic updates are required, implement strong integrity checks (e.g., cryptographic signatures) for the fetched content. Alternatively, embed all necessary instructions directly within the skill package or use a secure, versioned configuration system. | LLM | skill.md:84 |
Scan History
Embed Code
[](https://skillshield.io/report/6c83b0c3d8f236b0)
Powered by SkillShield