ClawHub

Code to Music

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: turn a user-selected code file into music through MiniMax, with privacy and download-hardening caveats.

Install only if you are comfortable using MiniMax for music generation and sending code-derived metadata to that service. Use non-sensitive files, keep the MiniMax key in an environment variable, and avoid running it on proprietary code unless that disclosure is acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Tainted flow: 'audio_url' from requests.post (line 216, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
if resp.get('data', {}).get('audio'):
        audio_url = resp['data']['audio']
        print(f'[DOWNLOADING] {audio_url}')
        ar = requests.get(audio_url, timeout=60)
        with open(output_file, 'wb') as f:
            f.write(ar.content)
        size_kb = len(ar.content) // 1024
Confidence
86% confidence
Finding
ar = requests.get(audio_url, timeout=60)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill documentation describes capabilities that read files, use environment variables, and make outbound network requests, but it does not declare corresponding permissions. This creates a transparency and consent problem: users or platforms may not realize that local code characteristics and API credentials are involved, increasing the risk of unintended data exposure or over-privileged execution.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description says code files are analyzed and a MiniMax API is called, but it does not clearly warn users that source-code-derived characteristics are sent to an external service. Even if only features rather than full source are transmitted, structural metadata about proprietary code can still leak sensitive information about project size, complexity, or internals to a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This skill reads a local code file, derives structured features from it, and sends generated prompt material based on that code to an external music-generation API without any explicit user warning or consent step. In the context of a code-processing skill, that is dangerous because users may run it on proprietary or sensitive source files and may not realize code-derived information is leaving their environment.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal