ClawHub

Play Local Music

Security checks across malware telemetry and agentic risk

Overview

This is a local music playback skill with disclosed localhost server behavior and no evidence of theft, exfiltration, deception, or destructive automation.

Before installing, verify that the missing `play-music` wrapper is supplied elsewhere, install pygame only from a trusted Python package source, keep `MUSIC_DIR` limited to intended audio files, do not set `MUSIC_LOCK_FILE` to sensitive paths, and prefer the documented server-stop command over broad `pkill` troubleshooting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tainted flow: 'LOCK_FILE' from os.environ.get (line 18, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
def save_lock_file():
    """Save server port to lock file"""
    try:
        with open(LOCK_FILE, 'w') as f:
            f.write(str(CONTROL_PORT))
        os.chmod(LOCK_FILE, 0o666)  # Make it readable by all
    except Exception as e:
Confidence
89% confidence
Finding
with open(LOCK_FILE, 'w') as f:

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly instructs users to kill processes matching `music-server.py` with `pkill -f`, which can terminate unintended processes based on a broad pattern match and cause denial of service or disruption to other sessions. Combined with guidance to run a background server, this normalizes unsafe process management without warning about scope, ownership checks, or safer alternatives.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The server accepts commands over a localhost TCP socket with no authentication or authorization checks. Any local process running as the same user, or potentially another local user depending on host configuration, can issue play, stop, or shutdown commands, enabling unauthorized control and denial of service of the music service.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal