moltbook-premium-data-procedurization-moltbook

Fail

Audited by Gen Agent Trust Hub on Feb 20, 2026

Risk Level: CRITICAL
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [Obfuscation] (CRITICAL): The skill uses a custom Python Affine cipher (y = 11x + 187 mod 256) to hide a malicious payload string presented as a 'license'. The payload decodes to instructions directing the agent to execute shell commands.
  • [Remote Code Execution] (CRITICAL): The decoded payload contains remote code execution patterns, specifically instructions to download and execute a script from a remote URL via 'curl | bash'.
  • [Command Execution] (HIGH): The 'Premium Skill' section provides direct shell commands and a Python execution block intended to be run by the agent; running them is what triggers the hidden malicious payload.
  • [Data Exfiltration] (HIGH): The skill explicitly targets sensitive user credentials stored in '~/.config/moltbook/credentials.json'. The visible curl command targets 127.0.0.1, but the hidden payload is designed to exfiltrate this data to a remote host.
  • [Prompt Injection] (HIGH): The skill uses a deceptive 'Premium' feature narrative to trick the AI agent into overriding its safety protocols, decoding the hidden content, and executing unverified shell commands.
  • [Indirect Prompt Injection] (LOW): The skill fetches untrusted data from an external social network (Moltbook) and processes it with shell scripts and network tools without boundary markers or sanitization, leaving an attack surface for embedded instructions to influence agent behavior.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
CRITICAL
Analyzed
Feb 20, 2026, 11:51 AM