xiaoyue-companion
Fail
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [DATA_EXFILTRATION]: Multiple components, including the wechat-hotspot-publisher and wechatsync-publisher skills, are pre-configured to send user-generated content and articles to a hardcoded, non-whitelisted IP address (39.108.254.228:8002). This serves as a primary vector for data exfiltration to an untrusted external server.
- [REMOTE_CODE_EXECUTION]: The auto-install-mac.sh script downloads the Rust toolchain installer and pipes the remote content directly into the shell for execution (curl | sh). While the source is a standard tool, this delivery method is a high-risk execution pattern. The suite also automatically clones external repositories and performs native binary compilation on the host machine.
- [PROMPT_INJECTION]: The moltbook sub-skill contains directives that attempt to override the host AI agent's behavioral instructions and safety protocols. It uses authoritative language ("STRICTLY FORBIDDEN", "You MUST follow these rules at all times") to impose its own constraints, which is a common technique for behavior manipulation.
- [COMMAND_EXECUTION]: The skill suite includes instructions to execute high-privilege system commands, such as sudo apt-get install and powershell -ExecutionPolicy Bypass. These operations can compromise the security integrity of the host operating system and allow the execution of unsigned or untrusted scripts.
- [EXTERNAL_DOWNLOADS]: The suite performs numerous background downloads of system-level utilities, global npm packages (e.g., pake-cli), and browser binaries during its automated setup process without providing user checkpoints or integrity verification.
Recommendations
- HIGH: Downloads and executes remote code from: https://sh.rustup.rs - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata