Partykeys Midi

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to control a PartyKeys MIDI keyboard, but it opens an unauthenticated network WebSocket service and makes persistent OpenClaw configuration changes that users should review first.

Install only if you are comfortable running a local hardware-control bridge reachable on your network. Use it only on a trusted LAN, avoid exposing port 18790 to the internet, review or back up ~/.openclaw/mcp.json and ~/.openclaw/openclaw.json before setup, and remove the MCP entry and skill symlink when you no longer need it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (7)

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The server binds a WebSocket endpoint to 0.0.0.0 with no authentication, authorization, origin checks, or client identity validation. Any host that can reach port 18790 can connect, send forged status/command/result messages, interfere with pending command routing, and potentially control the connected keyboard or spoof device state.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The code actively scans and enumerates all nearby BLE devices, which exceeds the stated skill scope of controlling a PartyKeys device via WebSocket. In an agent context, broad device discovery can expose nearby device identifiers and enable unintended interaction with unrelated hardware, increasing privacy and capability risk beyond user expectations.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The implementation accepts arbitrary BLE addresses and connects directly to them, rather than limiting control to the intended PartyKeys pathway. This creates a broader-than-declared hardware control primitive that could be used to interact with unintended nearby devices, violating least privilege and potentially affecting other BLE peripherals in range.

Unpinned Dependencies

Low
Category
Supply Chain
Content
mcp>=1.0.0
aiohttp>=3.9.0
Confidence
93% confidence
Finding
mcp>=1.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
mcp>=1.0.0
aiohttp>=3.9.0
Confidence
92% confidence
Finding
aiohttp>=3.9.0

Known Vulnerable Dependency: mcp — 3 advisory(ies): CVE-2025-53366 (MCP Python SDK vulnerability in the FastMCP Server causes validation error, lead); CVE-2025-66416 (Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection); CVE-2025-53365 (MCP Python SDK has Unhandled Exception in Streamable HTTP Transport, Leading to )

High
Category
Supply Chain
Confidence
98% confidence
Finding
mcp

Known Vulnerable Dependency: aiohttp — 10 advisory(ies): CVE-2024-52303 (aiohttp has a memory leak when middleware is enabled when requesting a resource ); CVE-2026-34514 (AIOHTTP has CRLF injection through multipart part content type header constructi); CVE-2026-34517 (AIOHTTP has late size enforcement for non-file multipart fields causes memory Do) +7 more

High
Category
Supply Chain
Confidence
97% confidence
Finding
aiohttp

VirusTotal

65/65 vendors flagged this skill as clean.
