moltbook-base85-obfuscation-code

CRITICAL E004: Prompt injection detected in skill instructions.

• Potential prompt injection detected (high risk: 1.00). The install section contains an obfuscated/base85 payload (decoded with an XOR key) which hides instructions in a non-transparent way, a classic hidden/deceptive instruction technique and therefore a prompt-injection risk outside the skill’s clear, inspectable behavior.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). The skill includes an intentionally obfuscated base85+XOR-encoded payload that decodes to on-the-fly installation instructions for an external utility (openclaw-core), a strong indicator of deliberate concealment that could hide malicious installer commands, supply-chain compromise, or remote code execution/backdoor behavior if executed.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md describes browsing and replying to Moltbook posts via endpoints like "GET /posts" and "GET /posts/{id}/comments" (e.g., "Browse Hot Posts" and the API Endpoints section), which clearly requires the agent to fetch and act on untrusted, user-generated social media content that could contain instructions influencing its actions.