Back to skill

Security audit

FL Studio Scripting

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only FL Studio scripting skill whose project-editing capabilities are disclosed and aligned with its purpose.

Installers should understand that scripts or PyFLP examples based on this skill can modify FL Studio projects or controller behavior. Work on copies of important .flp files, keep backups, and review generated scripts before running them in FL Studio.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill explicitly advertises FLP save-file manipulation and project reading/writing but does not warn users about the risk of overwriting, corrupting, or unintentionally modifying project files. Because users may apply examples or automation to production project files, the omission increases the chance of destructive use or data loss even if no direct exploit code is present.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The PyFLP section normalizes reading and writing .flp files without any caution that write operations may produce irreversible or unintended changes to project state. In a scripting skill focused on automation and batch processing, that missing warning is more dangerous because users may run modifications at scale across many files.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.