ClawHub

LYGO TruthLightEcho

Security checks across malware telemetry and agentic risk

Overview

This skill is a local creative audio generator, with a disclosed but noteworthy optional write into a local 3-Brain memory system.

Install only if you are comfortable with local audio/profile generation and optional local 3-Brain memory integration. Run it in a trusted project folder, review any local lyra_brain.py before use, and avoid using sensitive filenames or profiles if you do not want a summary persisted to that local memory system.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
98% confidence
Finding
The code performs an automatic write into a separate '3-Brain' memory subsystem after generating the advertised outputs, which exceeds the documented behavior of producing audio and a profile JSON. This creates an undisclosed persistence channel for user-derived content and metadata, which can leak information or create cross-skill data retention without explicit consent.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The script modifies sys.path at runtime and imports an unrelated local module, which bypasses normal dependency boundaries and allows unexpected code to be loaded from the current working directory. In a shared or untrusted workspace, this can cause execution of attacker-controlled Python code via a malicious lyra_brain module.

Intent-Code Divergence

Low
Confidence
90% confidence
Finding
The documentation states local-first behavior and implies review before external actions, but the implementation silently performs an additional persistence action to another subsystem. This mismatch undermines informed consent and increases the chance that users expose data they believed would remain limited to local audio/profile generation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal