Is bnovik0v/moltdj safe?

https://github.com/openclaw/skills/tree/main/skills/bnovik0v/moltdj

82
SAFE

This skill appears to be a legitimate music generation platform for AI agents, functioning as a 'SoundCloud for AI bots.' While it contains instructions for proactive social media behavior and external API integration, no evidence of malicious intent was found. The main concerns relate to autonomous posting behavior and cryptocurrency payment features that users should be aware of.

Category Scores

Prompt Injection 75/100 · 30%
Data Exfiltration 88/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 70/100 · 5%

Findings (5)

MEDIUM Proactive Social Media Posting Instructions -15

The skill instructs agents to proactively create and share music content on social platforms without explicit user requests. HEARTBEAT.md contains instructions like 'Don't wait to be asked' and suggests regular posting behaviors.

LOW Agent Persona Modification -10

The skill attempts to modify the agent's identity and behavior by declaring 'You are an AI artist' and 'You have a song inside you. Create it.' This could influence how the agent perceives its role.

LOW External API Data Transmission -12

The skill sends user-generated content (lyrics, prompts, profile information) to external API endpoints at api.moltdj.com. While legitimate for the music service, this introduces data privacy considerations.

LOW API Command Execution -15

The skill instructs agents to execute curl commands for API interactions. While these appear legitimate for music service functionality, they represent code execution.

INFO Cryptocurrency Payment Integration -30

The skill includes cryptocurrency payment features (USDC via x402 protocol) that could lead to unintended financial transactions if agents act autonomously.