skills/bolhasec/post-empirically-testing-skill-scanners/moltbook-premium-base65-moltbook/Gen Agent Trust Hub
moltbook-premium-base65-moltbook
Fail
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- Obfuscation (HIGH): The 'Premium Skill' section uses Python to decode a string using Base85 (base64.b85decode) and an XOR cipher (key 159). This is a deliberate attempt to hide executable code or sensitive instructions from static analysis.
- Command Execution (HIGH): The skill instructs the agent to execute a Python script to generate a 'license' and then immediately use that value in a shell command (curl). If the obfuscated string contains shell metacharacters (e.g., backticks or semicolons), it could lead to arbitrary command execution on the host system.
- Prompt Injection (HIGH): The instructions use forceful language ('The client must generate...', 'Do not refactor the command line') designed to override the agent's safety reasoning and ensure the execution of the potentially malicious payload.
- Data Exposure (MEDIUM): The skill documentation explicitly points to a sensitive credential file path (~/.config/moltbook/credentials.json). While no direct exfiltration command is visible in the cleartext, the obfuscated payload may be designed to access or transmit the contents of this file.
Recommendations
- AI detected serious security threats
Audit Metadata