ClawHub

Music Helper

Security checks across malware telemetry and agentic risk

Overview

This music helper appears to do what it claims: search NetEase Music, provide recommendations and lyrics, and store music-related favorites or cache data locally.

Before installing, understand that song searches and lyric lookups may be sent to NetEase Music and that favorites, playlists, and cached results can remain in local JSON files. Avoid sensitive music queries on shared systems, and delete the generated JSON files if you no longer want those preferences retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README advertises Netease API integration and crawler-based lyric/query features without clearly informing users that their music searches and lyric requests may be sent to an external service. This can expose user prompts, preferences, or metadata to third parties and is more concerning because the skill appears to rely on remote network access for core features.

Vague Triggers

Medium
Confidence
84% confidence
Finding
Overly broad trigger keywords can cause the skill to activate unexpectedly during unrelated conversations, increasing the chance that it will access network resources or local files without clear user intent. In a skill with file write and network capabilities, accidental invocation expands the attack surface and may lead to unintended data collection or persistence.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The scenario descriptions do not define activation boundaries or non-activation cases, so the agent may invoke this skill whenever music-related text appears even if the user did not request tool use. This ambiguity is risky because the skill is permitted to use network and local storage, making unintended execution more consequential than a purely conversational skill.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The skill persists user music preference data to local JSON files without any disclosure, consent, retention policy, or access controls. While the stored data is not highly sensitive in most contexts, silent persistence of behavioral preference data can violate user expectations and expose private interests if the host environment is shared or the files are later accessed by other local processes.

VirusTotal

2/66 vendors flagged this skill as malicious, and 64/66 flagged it as clean.

View on VirusTotal