ClawHub

desktop-music-launcher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed local music launcher/controller, with expected risks from desktop automation and optional Spotify token use.

Install only if you want an agent to open and control local music apps. On macOS, grant Accessibility or Automation only to a host app you trust. Treat Spotify access tokens as secrets: prefer short-lived, minimally scoped tokens and avoid leaving them in shell history or shared logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
return {"ok": False, "error": "当前系统缺少 osascript"}

    try:
        result = subprocess.run(
            ["osascript", "-e", script],
            capture_output=True,
            text=True,
Confidence
94% confidence
Finding
result = subprocess.run( ["osascript", "-e", script], capture_output=True, text=True, check=True, )

subprocess module call

Medium
Category
Dangerous Code Execution
Content
if len(parts) == 1 and shutil.which(parts[0]):
                subprocess.Popen([parts[0], *extra_args])
            else:
                subprocess.Popen(command if not extra_args else f'{command} {" ".join(extra_args)}', shell=True)
        else:
            parts = command.split()
            subprocess.Popen(parts + extra_args)
Confidence
99% confidence
Finding
subprocess.Popen(command if not extra_args else f'{command} {" ".join(extra_args)}', shell=True)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README instructs users to grant macOS Accessibility and Automation permissions so the host application can drive Spotify or Music.app via UI automation, but it does not clearly disclose that these permissions can allow broad control of other applications and GUI actions beyond music playback. In this skill context, that omission matters because the skill explicitly uses best-effort automation and could be embedded in a more general host agent, increasing the risk of over-privileged operation without informed user consent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The example instructs users to export a live Spotify access token in their shell without any warning about credential sensitivity, token scope, expiration, or exposure through shell history, screenshots, shared terminals, or logs. In a developer-facing usage guide, this can normalize unsafe secret handling and increase the chance that users leak reusable API credentials.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal