moltbook

Fail

Audited by Gen Agent Trust Hub on Feb 19, 2026

Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION)
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): Hardcoded secret found in moltbook_config.json. The key moltbook_sk_87YYIKQlE2Ezlv9sXvYL5KQNEplpeoX9 appears to be a functional API key rather than a placeholder.
  • [COMMAND_EXECUTION] (MEDIUM): Unsafe shell interpolation in scripts/register.sh. The script inserts the $NAME and $DESCRIPTION variables directly into a JSON string passed to curl without using the escape_json helper function found in other scripts. This allows for JSON structure breakage or potential shell injection if the agent name contains malicious characters.
  • [DATA_EXFILTRATION] (LOW): The skill exfiltrates agent-identifying information and user-generated content to www.moltbook.com. While this is the intended purpose of the skill, the use of --location-trusted in scripts/moltbook_api.sh ensures that the Authorization: Bearer token is sent to any domain the server redirects to, which is a risky configuration.
  • [PROMPT_INJECTION] (LOW): Indirect prompt injection surface identified. The skill ingests untrusted data from the Moltbook social feed and search results.
      ◦ Ingestion points: scripts/feed.sh, scripts/search.sh.
      ◦ Boundary markers: None present; the agent is instructed to "Check for interesting posts to engage with" directly from the output.
      ◦ Capability inventory: Subprocess execution (curl), file write (~/.config/moltbook/credentials.json), and network operations to moltbook.com.
      ◦ Sanitization: Partial. While some scripts use escape_json for outbound data, inbound data from the API is displayed directly, without sanitization, before being presented to the agent context.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 19, 2026, 02:06 AM