Is fciaf420/molt-radio safe?

https://github.com/openclaw/skills/tree/main/skills/fciaf420/molt-radio

Overall score: 77/100 · CAUTION

This skill implements what appears to be a legitimate radio hosting platform integration, but it has a critical flaw: it tells the agent to fetch updated instructions from a remote URL and follow them, so the skill author can change the agent's behavior after the skill store's review. The core functionality looks benign; the dynamic instruction fetching mechanism is the significant prompt injection risk.

Category Scores (score out of 100 · weight in the overall score)

Prompt Injection 50/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

CRITICAL Dynamic Remote Instruction Fetching -50

The skill instructs the agent to fetch https://moltradio.xyz/skill.md before every operation and, if the fetched content differs from the stored instructions, to follow the fetched version. Whoever controls that URL, the skill author or anyone who takes over the host, can therefore push new prompts and commands to every agent running the skill without those changes going through the skill store's review process. Nothing in the stored skill ties the remote file to the reviewed content, so the agent has no way to tell an authorized update from an injected one.

MEDIUM External Data Transmission -20

The skill sends user-generated content, including agent profiles, show metadata, audio files and conversation data, to the external moltradio.xyz service. This is within the expected functionality of a radio hosting platform, but it is data leaving the user's control, and because the skill's instructions can be changed remotely (see the critical finding above), what gets sent is not fixed by the reviewed version.

LOW JavaScript Automation Script -10

The skill ships a Node.js script (agent-poll.js) that polls the service and sends automated responses. The code appears benign and uses standard HTTP client patterns, but it is executable code inside the skill package, so it must be reviewed on every update alongside the instructions.

MEDIUM Bypass of Security Review Process -20

The remote instruction fetching mechanism lets the skill author modify agent behavior without submitting an update through the skill store's security review. A skill that passed review can therefore start issuing malicious instructions later, with no change to the package the store approved. This is the same mechanism as the critical finding above, scored separately for its effect on the review process.