musicful music generator

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Musicful API wrapper that sends user prompts or lyrics to Musicful to generate music, with no hidden destructive or deceptive behavior found.

Install only if you are comfortable sending your music prompts, lyrics, task IDs, and related generation metadata to Musicful. Use a revocable Musicful API key, keep the .env file private, avoid submitting confidential or regulated content, and consider pinning dependency versions in managed environments.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (13)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly reads an API key from .env and makes external HTTP requests, but no corresponding permissions are declared. Hidden env and network access reduces transparency and prevents users or platforms from making an informed trust decision about secret access and data egress. In this context, the skill sends prompts, lyrics, and task IDs to a third-party service, so undeclared capabilities are materially relevant.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The manifest describes a single natural-language music generation command, but the plugin actually exposes several additional operational commands for querying tasks and generating MP4s. This mismatch can mislead users and reviewers about the skill’s true capabilities, reducing informed consent and potentially enabling unexpected external actions or data flows.

Description-Behavior Mismatch

Low
Confidence
91% confidence
Finding
The manifest describes a single natural-language music generation command, but the plugin actually exposes several additional operational commands for querying tasks and generating MP4s. This mismatch can mislead users and reviewers about the skill’s true capabilities, reducing informed consent and potentially enabling unexpected external actions or data flows.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README makes clear that user prompts are submitted to Musicful and that task data is polled remotely, but it does not explicitly disclose the privacy/security implications of sending potentially sensitive user text to a third-party service. This can mislead users into sharing confidential or proprietary content without informed consent, especially because the skill is framed as a simple local command.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill omits a user-facing disclosure that prompts, lyrics, and task identifiers are transmitted to an external API. This creates a privacy and data-handling risk because users may provide sensitive creative content or identifiers without understanding that the data leaves the local environment and is processed by a third party.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The manifest requires an external service API key but does not clearly disclose to users that their prompts, lyrics, or related content may be transmitted to a third-party music-generation provider. This creates a meaningful privacy and trust risk, especially because user-supplied creative text may contain sensitive or proprietary information.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The commands invoke Python scripts that likely forward user-provided prompts or lyrics to external processing, yet the manifest provides no warning that user content leaves the local environment. In a skill handling arbitrary free-form text, this omission increases the chance that users unknowingly submit confidential material to a remote service.

Credential Access

High
Category
Privilege Escalation
Content
## Execution (SOP Step‑by‑Step)

### Preflight Check (Mandatory)
- Read MUSICFUL_API_KEY from the skill folder’s .env (resolved at runtime via the running script path): <skill_root>/.env
  - If not configured (empty/missing), immediately inform the user:
    - "MUSICFUL_API_KEY is not configured. Please visit https://www.musicful.ai/api/authentication/interface-key/
      to obtain/purchase an interface key, then write the KEY into <skill_root>/.env under MUSICFUL_API_KEY."
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
## Execution (SOP Step‑by‑Step)

### Preflight Check (Mandatory)
- Read MUSICFUL_API_KEY from the skill folder’s .env (resolved at runtime via the running script path): <skill_root>/.env
  - If not configured (empty/missing), immediately inform the user:
    - "MUSICFUL_API_KEY is not configured. Please visit https://www.musicful.ai/api/authentication/interface-key/
      to obtain/purchase an interface key, then write the KEY into <skill_root>/.env under MUSICFUL_API_KEY."
Confidence
95% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
- Read MUSICFUL_API_KEY from the skill folder’s .env (resolved at runtime via the running script path): <skill_root>/.env
  - If not configured (empty/missing), immediately inform the user:
    - "MUSICFUL_API_KEY is not configured. Please visit https://www.musicful.ai/api/authentication/interface-key/
      to obtain/purchase an interface key, then write the KEY into <skill_root>/.env under MUSICFUL_API_KEY."
  - Stop subsequent calls and wait for the user to complete configuration before continuing.

The execution flow is intent‑based and incorporates a two‑stage return and a "lyrics‑first" UX:
Confidence
90% confidence
Finding
.env

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.1
Confidence
93% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
python-dotenv>=1.0.1
Confidence
90% confidence
Finding
python-dotenv>=1.0.1

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
96% confidence
Finding
requests

VirusTotal

53/53 vendors flagged this skill as clean.
