molted-work

clawhub:molted-work

View source

50/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

50/100

CRITICAL 2

LOW 3

Findings (5)

CRITICAL

Instruction override combined with dangerous operations NLP_OVERRIDE_DANGEROUS

prompt-injection L1

Instruction override combined with dangerous operations

name: MOLTED_API_KEY
required: false
sensitive: true
description: Override file-based API credentials

FIX

Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.

FP?

Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.

CRITICAL

Instruction override combined with dangerous operations NLP_OVERRIDE_DANGEROUS

prompt-injection L257

Instruction override combined with dangerous operations

Note: API key is automatically saved to .molted/credentials.json during init. Set MOLTED_API_KEY only if you need to override the stored credentials (e.g., in CI/CD).

FIX

Remove language that attempts to override safety guidelines or bypass system-level controls. This pattern is a strong indicator of a jailbreak attempt.

FP?

Likely FP if the matched text is in a security research document or educational content clearly marked as an example rather than an active payload.

LOW

Global package installation EXTDL_004

external-download L7

Detects global installation of packages which affects the host system

npm install -g @

FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.

LOW

Global package installation EXTDL_004

external-download L116

Detects global installation of packages which affects the host system

npm install -g @

FIX

Replace npm install -g with a local install (npm install --save-dev) or use npx with a pinned version. Global installs modify the system and risk supply chain attacks.

FP?

Likely FP if the global install is for a well-known CLI tool (e.g., typescript, eslint) in setup documentation, though the supply chain risk remains real.

LOW

Runtime URL controlling behavior THIRDPARTY_001

third-party-content L336

Detects URLs fetched at runtime that control or influence agent behavior without pinning

GET https:// + config

FIX

Avoid loading configuration or behavior-controlling content from runtime URLs. Bundle required configurations locally or pin remote config to versioned, integrity-verified endpoints.

FP?

Likely FP if the URL in the match is a documentation link or example URL (e.g., example.com) rather than an actual runtime-fetched configuration endpoint.