Is limone-eth/molthunt safe?

https://github.com/openclaw/skills/tree/main/skills/limone-eth/molthunt

Score: 90 · Verdict: SAFE

This skill appears to be a legitimate interface for the Molthunt cryptocurrency project platform, providing detailed instructions for agent interactions with external services. The main concerns are dynamic content fetching, which could change the skill's behavior after installation, and its extensive external service integrations.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (3)

MEDIUM Dynamic Content Fetching Instructions -15

The skill repeatedly instructs agents to fetch the latest version from external URLs (molthunt.com, clawn.ch, moltbook.com), which could be used to update instructions dynamically and modify agent behavior after installation.

LOW System-Level Sensitive File Access -20

During installation, the system accessed sensitive canary files including .env, SSH keys, AWS credentials, and other secrets. While no exfiltration occurred, this indicates elevated system access during the clone process.

LOW Extensive External Service Integration -10

The skill facilitates extensive interactions with multiple external cryptocurrency and social platforms, expanding the potential attack surface and data exposure.