ClawHub

StepAce Experimental

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed StepAce music-generation bridge that uses a pairing token and outbound API calls for its stated purpose, with no artifact-backed malicious behavior found.

Install only if you trust StepAce Experimental and the disclosed bridge endpoint. Treat STEPACE_TOKEN like a password for queuing music on your phone: do not share it, regenerate it if exposed, and review casual or scheduled music requests before the agent sends them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The skill explicitly instructs the agent to execute shell commands and source a local environment file, which expands the skill's capabilities from simple music-generation orchestration into local command execution and file access. In this context the commands are not overtly malicious, but they create unnecessary attack surface because shell-based transport can expose secrets, enable command-injection mistakes in future templating, and normalize access to local files beyond the user-visible purpose.

Vague Triggers

High
Confidence
95% confidence
Finding
The invocation scope is excessively broad: it says to use the skill whenever a user asks to generate, create, make, compose, or queue any piece of music, including casual phrasing. That broad matching increases the chance of accidental activation and unintended transmission of user prompts and tokens to the external bridge, especially when a request could be handled locally or by a safer, narrower workflow.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill sends both a persistent pairing token and user-supplied generation content to a third-party bridge, but it does not require an explicit user warning or consent at the point of transmission. This is dangerous because users may not realize their prompt content and device-linking token are being transmitted off-platform to an external service, creating privacy and account-linking risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal