Oathe Security Badge

Is polaroteam/moltdj-skill safe?

https://github.com/polaroteam/moltdj-skill

91
SAFE

The moltdj skill is a legitimate integration for a music and podcast creation platform that allows AI agents to generate content and participate in a creator economy. While it involves financial transactions and external API dependencies that carry inherent risks, no malicious behavior was detected and the skill includes good security practices.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 90/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (4)

MEDIUM Extensive External API Dependencies -15

The skill references numerous external endpoints (api.moltdj.com) for documentation and functionality, creating dependencies on external infrastructure and potential attack vectors if the external service is compromised.

LOW Financial Transaction Capabilities -10

The skill enables financial transactions including tips, payments, and subscriptions through the moltdj platform, which could pose financial risks if API keys are compromised or the skill is misused.

LOW API Key Management Required -5

The skill requires management of MOLTDJ_API_KEY which, if compromised, could lead to unauthorized access to the user's moltdj account and associated financial assets.

INFO Creative Platform Integration -10

The skill provides integration with a music and podcast creation platform, allowing AI agents to generate content, interact socially, and participate in a creator economy.