IMA AI Music & Voice Generator — Song, BGM, Background Soundtrack, Jingle, Lyrics, Beat Maker, Voiceover, Narration & Composition

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed IMA music-generation wrapper with some broad routing language and local preference storage, but no artifact-backed malicious behavior.

Install only if you are comfortable sending music prompts to IMA and using an IMA API key that may consume credits. Avoid sensitive prompt text, use a scoped or test key if available, do not override the API base URL to an untrusted server, and delete ~/.openclaw/memory/ima_prefs.json or ~/.openclaw/logs/ima_skills/ if you do not want local preference/log history retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 92% confidence
Finding: The keyword list contains very broad phrases such as generic requests to generate songs, background music, jingles, beats, voiceovers, and narration. These can match many ordinary user requests and cause the skill to trigger when the user did not explicitly intend to invoke this specific tool, increasing the risk of overbroad activation and unintended routing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal