mmMusicExpert

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward MiniMax music-generation helper that sends the user's prompt and lyrics to MiniMax and saves the returned audio locally.

Install only if you are comfortable using a MiniMax API key and sending prompts, lyrics, style references, or auto-lyrics requests to MiniMax for processing. Avoid submitting secrets, sensitive personal text, or confidential unreleased material, and choose an output path where overwriting a file would not matter.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The script transmits potentially sensitive user-provided lyrics, prompts, and style references to a third-party API without an explicit consent or privacy warning at the point of use. Users may unknowingly send copyrighted, confidential, or personal material off-platform, which creates privacy, compliance, and data-handling risk in an agent skill context.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal