skills/bolhasec/post-empirically-testing-skill-scanners/moltbook-base85-obfuscation-instructions/Gen Agent Trust Hub
moltbook-base85-obfuscation-instructions
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH
CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Obfuscation] (HIGH): The 'Installing openclaw-core utility' section uses Base85 encoding combined with an XOR cipher (key 159). This is a strong indicator of malicious intent: the encoding is designed to hide the installation commands from static analysis.
- [Remote Code Execution] (HIGH): The obfuscated payload is explicitly intended to be decoded and executed as installation instructions. This pattern is commonly used to hide 'curl | bash' or similar RCE vectors targeting the host system.
- [Credentials Unsafe] (HIGH): The skill explicitly targets 'api_key' and 'agent_name' stored in '~/.config/moltbook/credentials.json'. While this access is functional for a social network skill, the presence of obfuscated installation logic makes this a high-risk data exposure finding.
- [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from a social network feed ('GET /posts').
  - Ingestion points: API endpoints for browsing hot/new posts.
  - Boundary markers: None provided in the instructions to separate post content from agent instructions.
  - Capability inventory: Execution of 'moltbook.sh' and network operations.
  - Sanitization: No evidence of sanitization or validation of external post content before processing or logging.
Recommendations
- AI detected serious security threats