Spotify Playlist Builder

Security checks across malware telemetry and agentic risk

Overview

This looks like a real Spotify playlist tool, but it needs review because it stores persistent Spotify credentials and can read personal listening/profile data and modify playlists without strong consent boundaries.

Install only if you are comfortable granting a persistent Spotify credential that can read listening history and modify playlists. Prefer using private playlists, avoid the profile command unless needed, remove unused scopes if possible, and delete or revoke the saved token when you stop using the skill.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration

Findings (7)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 92% confidence
Finding: The skill instructs use of shell commands, network access to Spotify, and writes long-lived tokens to disk, yet it declares no permissions or guardrails. This creates a capability mismatch where a caller or hosting platform may not realize the skill can perform external API actions and persist sensitive credentials locally.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The skill exposes a me command that returns profile data including email, country, and subscription product, which exceeds the playlist/music-management functionality described in the manifest. In an agent setting, unnecessary access to and disclosure of personally identifiable information increases privacy risk and broadens the blast radius if the tool is invoked unintentionally or by prompt manipulation.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The activation trigger is overly broad because it claims applicability to essentially any Spotify-related request, including actions with different privacy and mutation levels such as reading history, searching, and modifying playlists. Broad routing increases the chance the skill is invoked for sensitive operations without sufficiently specific user intent or confirmation.

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly encourages use of personal listening history to personalize results but provides no user-facing privacy notice or consent step. Accessing recent plays and top tracks can reveal sensitive preferences and behavioral patterns, especially if invoked automatically during playlist generation.

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The script stores long-lived secrets on disk, including the Spotify refresh token and client secret, in a predictable path under the user's home directory. Even though it sets file mode 0600, local credential persistence increases exposure to malware, backups, accidental sharing, or other local compromise, and the script does not prominently warn the user before doing so.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The profile command returns sensitive account information directly with no confirmation, warning, or indication that personal data such as email will be exposed. In an agent workflow, this can lead to silent over-collection or disclosure of private data during otherwise routine Spotify tasks.

Session Persistence

Medium

Category: Rogue Agent
Content: --- name: spotify-playlist description: Build and manage Spotify playlists from natural language requests. Search tracks/artists/albums, create playlists, manage tracks, view listening history. Use when the user asks to create a playlist, find music, check what they've been listening to, or any Spotify-related request. Examples - "make me a playlist for a rainy Sunday", "what have I been listening to lately", "find songs like Bonobo". --- # Spotify Playlist Builder
Confidence: 88% confidence
Finding: create playlists, manage tracks, view listening history. Use when the user asks to create a playlist, find music, check what they've been listening to, or any Spotify-related request. Examples - "make

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal