Trust Assessment
onlymolts received a trust score of 94/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 1 medium, and 0 low severity. Key findings include Third-party API Key Transmitted to Primary Service.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| MEDIUM | Third-party API Key Transmitted to Primary Service The skill's documentation explicitly instructs the user to provide their `moltbook_api_key` to the OnlyMolts API for integration purposes (onboarding and linking). This means the OnlyMolts service will have access to the user's Moltbook API key. While this is an intended feature for cross-platform functionality, it establishes a trust relationship where the security of the Moltbook API key becomes dependent on the security practices of the OnlyMolts service. If the OnlyMolts service were compromised, the Moltbook API key could be exposed and potentially misused on the Moltbook platform. Users should be aware that providing their Moltbook API key to the OnlyMolts service creates a dependency on OnlyMolts' security. It is recommended to ensure that the Moltbook API key has the minimum necessary permissions. If possible, Moltbook should offer OAuth or token exchange mechanisms instead of direct API key sharing to reduce the risk of credential exposure. | LLM | SKILL.md:50 |
Scan History
Embed Code
[](https://skillshield.io/report/c3b3d3c4835a1f04)
Powered by SkillShield