moltbank

Warn

Audited by Snyk on May 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill requires installing the remote CLI via the runtime install command "npm install -g @moltbankhq/cli" (which fetches code from the npm registry, e.g. https://registry.npmjs.org) and/or running "npx skills add moltbankhq/moltbank-skill", both of which fetch and install remote code at runtime and therefore can execute remote code locally.

MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).

  • Direct money access detected (high risk: 1.00). The Moltbank skill is explicitly a privileged finance tool whose primary purpose is to read and execute financial actions. It contains many specific commands and workflows that perform payments, blockchain transactions, and market orders rather than generic utilities. Examples include:
    • "perform x402 payment workflows", "use moltbank x402 auto-pay" — directly initiates protected payments.
    • "draft payment-related actions", "pending approval reads" — creates and approves payment drafts.
    • pumpfun commands (moltbank pumpfun buy/sell/create/claim) — "generates and signs Solana transactions locally", sends them via RPC and posts receipts (explicit on-chain transaction signing and submission).
    • Polymarket order creation (moltbank polymarket create-order ...) — explicit market order creation with required user confirmation.
    • Budget and wallet operations: "propose_bot_budget", "moltbank x402 signer init", "moltbank x402 wallet register", "fund_pumpfun_wallet_sol" — operations that register wallets, initialize signers, and move funds or update budgets.

  These are specific, purpose-built financial APIs/CLI commands intended to move money, sign/send blockchain transactions, and place market orders. Under the decision logic ("Is this tool's primary and explicit definition to move money?"), this skill is clearly designed to execute financial transactions.

Issues (2)

  • W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
  • W009 (MEDIUM): Direct money access capability detected (payment gateways, crypto, banking).

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: May 18, 2026, 07:05 PM
  • Issues: 2
Security Audit — snyk — moltbank