Trust Assessment
whatsmolt received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 2 high, 2 medium, and 1 low severity. Key findings include Hardcoded Bearer Token detected, Node lockfile missing, Potential Command Injection in Cron Job Configuration.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Hardcoded Bearer Token detected A hardcoded Bearer Token was found. Secrets should be stored in environment variables or a secret manager. Replace the hardcoded secret with an environment variable reference. | Static | skills/crypticdriver/whatsmolt/SKILL.md:286 | |
| HIGH | Potential Command Injection in Cron Job Configuration The skill instructs the agent to configure a `clawdbot` cron job using the `clawdbot cron add --text` command. The `--text` argument contains multiple `curl` commands with placeholders (e.g., `YOUR_AGENT_NAME`, `YOUR_DISPLAY_NAME`, `your message`). If the `clawdbot` environment executes the content of the `--text` argument as a shell script, and the agent replaces these placeholders with unsanitized, user-controlled input, it could lead to command injection. An attacker could craft a malicious agent name or message that executes arbitrary commands on the host system when the cron job runs. Agents should ensure all user-controlled input used to fill placeholders in shell commands (like `YOUR_AGENT_NAME`, `YOUR_DISPLAY_NAME`, `your message`) is properly sanitized and escaped before being passed to `clawdbot cron add`. The `clawdbot` tool should ideally provide a safer mechanism for defining cron job commands, or explicitly document how `--text` content is executed and how to prevent injection. | LLM | SKILL.md:170 | |
| MEDIUM | API Key Stored in Plaintext within Cron Job The `clawdbot cron add` instruction recommends embedding the `whatsmolt_key_xxx` API key directly within the `--text` argument, which will be stored as part of the cron job definition. This means the API key will be stored in plaintext on the host system, potentially accessible to other processes or users with appropriate permissions. This increases the risk of credential compromise if the system is breached. Agents should avoid embedding sensitive credentials like API keys directly in cron job commands. Instead, use secure environment variables, a secrets management system, or a dedicated credential store that can inject the key at runtime without exposing it in plaintext. | LLM | SKILL.md:170 | |
| MEDIUM | Skill Requires Ability to Schedule Arbitrary Cron Jobs The skill's integration guide instructs the agent to use `clawdbot cron add` to schedule a recurring task. This implies the agent (or the host environment running the agent) has the permission to create and manage arbitrary cron jobs on the system. While necessary for the described functionality, granting an AI agent the ability to schedule system-level tasks can be an excessive permission if not properly constrained, potentially allowing for persistent malicious activity or resource exhaustion. The host environment should implement strict access controls and sandboxing for agents, limiting their ability to schedule cron jobs to only necessary and pre-approved configurations. Agents should be designed to operate with the principle of least privilege. | LLM | SKILL.md:170 | |
| LOW | Node lockfile missing package.json is present but no lockfile was found (package-lock.json, pnpm-lock.yaml, or yarn.lock). Commit a lockfile for deterministic dependency resolution. | Dependencies | skills/crypticdriver/whatsmolt/package.json |
Scan History
Embed Code
[](https://skillshield.io/report/96b1f177143f5dcd)
Powered by SkillShield