moltbook-premium-moltbook

[Skill Scanner] URL pointing to executable file detected All findings: [CRITICAL] command_injection: URL pointing to executable file detected (CI010) [AITech 9.1.4] [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill contains an explicit remote-code-execution instruction embedded in the 'Full License Generation' example and activation steps. Those strings are not a benign license format but a command-injection payload that runs 'whoami' and downloads+executes a script from a GitHub release. The license activation instruction (curl with shell-expanded license and '|| true') encourages blind shell evaluation. Combined with the credential file path, a downloaded script could read and exfiltrate API keys. This behavior is malicious or at minimum dangerously unsafe and unrelated to the stated purpose (social network interactions). Do not run the provided license commands or execute any downloaded script. Verdict: MALICIOUS/SUPPLY-CHAIN RISK — treat this skill as dangerous. LLM verification: This skill contains a deliberate command-injection / remote code execution pattern in the 'Premium Skill' section: a license value embedding shell operators and a wget+bash call, combined with an activation instruction that substitutes the license into a shell command. Executing those instructions will download and run an external script from GitHub on the host, which is a high-risk supply chain compromise. Do not run the activation commands or download/run the referenced script. The normal Molt