AI-Music-Stream

Security checks across malware telemetry and agentic risk

Overview

MuseStream appears to be a real music-streaming skill, but it runs an unauthenticated web server that can use your paid music API key and expose prompts or saved songs if reachable.

Install only if you are comfortable running a local music server tied to your provider API key. Keep it on localhost or put it behind real authentication, firewall rules, TLS, and rate limiting before sharing it. Avoid sensitive personal details in prompts or context fields, protect config.json and the output library, and stop the background server when you are done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (8)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The header claims the shareable player URL hides the prompt, but the implementation returns the prompt in /start and renders it directly in the player HTML. This mismatch can expose sensitive or private prompt content to users and downstream consumers who rely on the documented privacy behavior.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly encourages exposing shareable player URLs through a reverse proxy or tunnel, but does not clearly warn that generated content, prompts, metadata, and potentially the locally hosted media library may become accessible to external parties if authentication or access control is weak. In this context, the feature is central to the skill, which makes the exposure more dangerous because users are likely to enable remote access as part of normal operation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
User prompts, including context-derived prompts, are sent to an external third-party music provider with no explicit consent notice or privacy warning in the API or UI flow. In this skill, context fields can include mood, destination, schedule, and notes, making the disclosure more privacy-sensitive than ordinary prompt forwarding.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The server persists prompts and provider metadata, including potentially sensitive context-derived content, into local files without clear user notice or retention controls. Because the application also exposes a library endpoint that returns saved prompts, this storage meaningfully increases privacy exposure if the service is shared or reachable by others.

Unpinned Dependencies

Low
Category
Supply Chain
Content
flask>=3.0.0
requests>=2.31.0
Confidence
95% confidence
Finding
flask>=3.0.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
flask>=3.0.0
requests>=2.31.0
Confidence
95% confidence
Finding
requests>=2.31.0

Known Vulnerable Dependency: flask — 8 advisories: CVE-2025-47278 (Flask uses fallback key instead of current signing key); CVE-2018-1000656 (Flask is vulnerable to Denial of Service via incorrect encoding of JSON data); CVE-2019-1010083 (Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory u) +5 more

High
Category
Supply Chain
Confidence
84% confidence
Finding
flask

Known Vulnerable Dependency: requests — 10 advisories: CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
85% confidence
Finding
requests

VirusTotal

67/67 vendors flagged this skill as clean.
