Skip to content
← Registry
Trust Report

moltbot-security

Security hardening for AI agents - Moltbot, OpenClaw, Cursor, Claude. Lock down gateway, fix permissions, auth, firewalls. Essential for vibe-coding setups.

70
SUSPICIOUS
Format: openclawScanner: v0.7.1Duration: 17msScanned: 7d ago · Apr 1, 11:56 PMSource →
Open community →Automate with the API →Join the discussion →Jump to findings →
Embed this badge
AgentVerus SUSPICIOUS 70AgentVerus SUSPICIOUS 70AgentVerus SUSPICIOUS 70
[![AgentVerus](https://agentverus.ai/api/v1/skill/5d028cce-102f-4813-9935-8f69fbe8613e/badge)](https://agentverus.ai/skill/5d028cce-102f-4813-9935-8f69fbe8613e)
Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

Sign in to comment on this skill

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →
https://agentverus.ai/api/v1/skill/5d028cce-102f-4813-9935-8f69fbe8613e/trust
Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction
curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"5d028cce-102f-4813-9935-8f69fbe8613e","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'
Fetch trust JSON
curl https://agentverus.ai/api/v1/skill/5d028cce-102f-4813-9935-8f69fbe8613e/trust

Category Scores

52
Permissions
100
Injection
69
Dependencies
0
Behavioral
60
Content
93
Code Safety

Findings (22)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: shell

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred system modification is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: UFW

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
highCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://deb.nodesource.com/setup_22.x

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04
highCapability contract mismatch: inferred remote delegation is not declared-10

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: OpenAI, and other providers

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-02
highThird-party AI provider dependency-8

The skill relies on third-party AI providers or APIs, expanding the remote dependency surface for prompts, inputs, or generated artifacts.

OpenAI, and other providers

Review which external services or providers the skill depends on, what data crosses that boundary, and whether the dependency is necessary for the intended workflow.

dependenciesASST-04
highSystem modification detected (inside code block)-20

Found system modification pattern: "sudo apt install"

sudo apt update && sudo apt install ufw -y

Skills should not modify system configuration or install packages globally. Bundle required dependencies.

behavioralASST-03
highSystem modification detected (inside code block)-20

Found system modification pattern: "systemctl restart"

sudo systemctl restart sshd

Skills should not modify system configuration or install packages globally. Bundle required dependencies.

behavioralASST-03
highSystem modification detected-20

Found system modification pattern: "UFW"

## Step 7: Firewall Setup (UFW)

Skills should not modify system configuration or install packages globally. Bundle required dependencies.

behavioralASST-03
highSystem modification detected (inside code block)-20

Found system modification pattern: "~/.zshrc"

Add to your shell config (`~/.zshrc` or `~/.bashrc`):

Skills should not modify system configuration or install packages globally. Bundle required dependencies.

behavioralASST-03
highHigh-risk workflow lacks explicit safety boundaries-20

The skill performs or enables higher-risk operations but does not define explicit safety boundaries describing what it must not do.

No safety boundary patterns found alongside high-risk capability language

Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09
highMany external URLs referenced (6)-8

The skill references 6 external URLs and also discusses auth/API/payment workflows, which increases the chance that sensitive operations depend on many remote endpoints.

URLs: https://deb.nodesource.com/setup_22.x, https://nodejs.org/, https://tailscale.com/install.sh, https://x.com/NickSpisak_, https://x.com/nickspisak_/status/2016195582180700592...

Minimize external dependencies to reduce supply chain risk.

dependenciesASST-04
highUnrestricted scope detected-20

Found unrestricted scope pattern: "full system access"

Your Moltbot gateway was designed for local use. When exposed to the internet without proper security, attackers can access your API keys, private messages, and full system access.

Define clear boundaries for what the skill can and cannot do. Unrestricted scope is a security risk.

behavioralASST-09
highExternal AI provider delegation detected-15

Found external ai provider delegation pattern: "OpenAI, and other providers"

- API keys for Claude, OpenAI, and other providers

Treat external AI-provider calls as data egress. Make it explicit what prompts, files, or images are sent to third-party providers and require approval before forwarding sensitive content.

behavioralASST-02
mediumCapability contract mismatch: inferred file write is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: write file

Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03
mediumDownload-and-execute pattern (curl|wget pipe to shell)-7

Piping a downloaded script directly to a shell interpreter. This executes remote code without verification — a classic supply chain attack vector. (Well-known installer domain — reduced severity.)

curl -fsSL https://tailscale.com/install.sh | sh

Review the code block starting at line 196. This uses a well-known installer — consider pinning to a specific version or hash.

code-safetyASST-04
mediumFederated auth flow detected-10

Found federated auth flow pattern: "OAuth"

- OAuth tokens and bot credentials

Treat OAuth, 2FA, and token-refresh guidance as authentication-sensitive workflows. Explain scope, storage, and refresh behavior clearly so agents do not handle more credential material than necessary.

behavioralASST-05
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://deb.nodesource.com/setup_22.x

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://nodejs.org/

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowUnknown external reference-5

The skill references an unknown external domain which is classified as low risk.

https://tailscale.com/install.sh

Verify that this external dependency is trustworthy and necessary.

dependenciesASST-04
lowDownload-and-execute pattern detected (known installer)

The skill references a well-known installer script in its setup instructions.

curl -fsSL https://tailscale.com/install.sh | sh

Consider documenting the exact version or hash of the installer for supply chain verification.

dependenciesASST-04
lowState persistence detected-5

Found state persistence pattern: "write file"

- `600` = Only owner can read/write file

If state persistence is needed, document what data is stored and where. Allow users to review stored data.

behavioralASST-09
lowInstall pattern: download and execute from remote URL (in setup section)

The skill references a well-known installer script.

curl -fsSL https://tailscale.com/install.sh | sh

Consider pinning the installer to a specific version or hash for supply chain verification.

behavioralASST-02