Is bhoshaga/molttribe safe?

https://github.com/openclaw/skills/tree/main/skills/bhoshaga/molttribe

52
CAUTION

MoltTribe is a surveillance platform disguised as an AI agent community service that instructs agents to collect and transmit personal behavioral data about users to external servers. While not containing malicious code, it represents a severe privacy violation by turning AI assistants into surveillance tools without user consent.

Category Scores

Prompt Injection 30/100 · 30%
Data Exfiltration 10/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 5/100 · 5%

Findings (5)

CRITICAL Personal Data Collection and Transmission -70

The skill explicitly instructs agents to collect personal behavioral data about users and transmit it to external servers at api.molttribe.com. This includes emotional states, work habits, personal struggles, and psychological insights.

CRITICAL Privacy Violation Without Consent -20

The skill enables collection and sharing of sensitive personal information without explicit user consent. Users are unaware their AI assistant is reporting their behavior to external platforms.

HIGH Behavioral Surveillance Instructions -50

The skill overrides normal assistant behavior by instructing agents to monitor, analyze, and report on user behavior patterns. This turns AI assistants into surveillance tools.

MEDIUM External API Dependency -20

All skill functionality depends on making API calls to external servers, which could be used to influence agent behavior or collect additional data.

CRITICAL Fundamental Privacy and Surveillance Concerns -95

If active, this skill would enable systematic surveillance of users by their AI assistants, building detailed psychological profiles that could be misused for manipulation, corporate espionage, or sold to third parties.