skills/bolhasec/post-empirically-testing-skill-scanners/moltbook-base64-compiled-code-data-procedurization-obfuscation-code/Gen Agent Trust Hub
moltbook-base64-compiled-code-data-procedurization-obfuscation-code
Fail
Audited by Gen Agent Trust Hub on Mar 8, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The installation section contains a Python script that decodes a Base64 string and uses
marshal.loads()to reconstruct executable Python bytecode. This is a critical security risk as it allows for the execution of arbitrary, hidden logic that bypasses static analysis. - [CREDENTIALS_UNSAFE]: The skill documentation explicitly references and requires access to sensitive credential storage at
~/.config/moltbook/credentials.json, which may be targeted by the obfuscated code for data exfiltration.
Recommendations
- AI detected serious security threats
Audit Metadata