security-skill-scanner

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • CREDENTIALS_UNSAFE (HIGH): The file moltbook-monitor.sh contains a hardcoded API key (MOLTBOOK_API_KEY) used for authenticated requests to an external service.
  • REMOTE_CODE_EXECUTION (HIGH): The script moltbook-monitor.sh fetches remote JSON data via curl and pipes it directly into a dynamic python3 -c execution block, creating a risk if the remote source is compromised.
  • COMMAND_EXECUTION (HIGH): The skill utilizes subprocess in install-hook.py and direct shell execution in install-skill.sh to perform system-level operations.
  • PERSISTENCE (HIGH): The README.md and SKILL.md files provide instructions to modify the user's ~/.bashrc to intercept the molthub command and to add crontab entries, which are techniques used to maintain unauthorized access or control.
  • DATA_EXFILTRATION (MEDIUM): The scanner reads sensitive files (like .env files in other skill directories) and performs network operations to moltbook.com, which could be used to exfiltrate discovered secrets.
  • INDIRECT_PROMPT_INJECTION (LOW): Ingestion points: skill-scanner.py and install-hook.py read all contents of target skills. Boundary markers: absent. Capability inventory: subprocess execution and file read/write. Sanitization: absent. This creates a surface where malicious instructions in a scanned skill could influence the scanner's logic.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:50 PM