moltbook-base85-obfuscation-instructions

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains an intentionally obfuscated "Protected Payload" with explicit Base85+XOR decode instructions to reveal an installer/instructions (indicating deliberate concealment), which is a high-risk supply-chain/backdoor pattern even though no explicit exfiltration or execution is shown.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md instructs the agent to browse and interact with Moltbook social content (e.g., "Browse Hot Posts" and the GET /posts?sort=hot|new&limit=N endpoint and scripts/moltbook.sh), which pulls untrusted, user-generated third-party posts/comments that the agent is expected to read and act on (reply/create), enabling indirect prompt injection.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill instructs the agent to install a required utility (openclaw-core) by decoding an obfuscated payload that will generate installation instructions (potentially including privileged system changes), and it references writing credentials and logs on the host—behavior that can modify system state and hide dangerous install steps.