Ultimate Music Manager

Security checks across malware telemetry and agentic risk

Overview

This music organizer is mostly aligned with its purpose, but it needs Review because it can broadly reorganize local music files, uses optional Spotify account access, and has some under-disclosed or unsafe execution details.

Install only after reviewing the upstream sonic-phoenix repository and backing up the target music folder. Set MUSIC_ROOT narrowly, run --dry-run first, avoid Spotify sync unless you need it, keep the Spotify token cache private, and treat status.sh cautiously until the eval-based path handling is fixed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding
The safety section claims 'No writes into the music hierarchy,' but the pipeline description repeatedly states that files are moved and re-sorted under MUSIC_ROOT and SORTED_ROOT. Misleading safety guarantees can cause users or agents to authorize execution under false assumptions, increasing the chance of unintended file modifications across a personal media library.

Intent-Code Divergence

Severity: Medium
Confidence: 88%
Finding
The document says duplicates are only moved to staging for manual review, yet later references mention destructive utilities such as force-delete and scrub operations. Even though a hook is described, the existence of such utilities contradicts the safety narrative and may normalize or conceal destructive functionality that could delete user data if invoked directly or if guardrails are bypassed.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The hook documentation describes a 'Sonic Phoenix' destructive-script guard that is unrelated to the declared music-library skill, indicating copied or hidden functionality inconsistent with the skill’s stated purpose. This kind of capability mismatch is dangerous because it can conceal undeclared behavior around destructive scripts and reduce operator trust and reviewability, especially when the skill is expected to manage local files.

Context-Inappropriate Capability

Severity: Medium
Confidence: 88%
Finding
The file documents a PreToolUse hook on Bash commands, which gives the skill visibility into and influence over shell execution beyond what is necessary for simple music-library organization. Even if framed as a safety feature, broad interception of Bash can be abused to alter execution flow, inject prompts, or normalize undocumented command mediation in a local-file-management skill.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The documentation identifies `.spotify_token_cache` as a cached OAuth token but does not warn users that it is sensitive and should not be shared, committed, or deleted indiscriminately. In this skill's context, the `.data/` directory is described earlier as generally safe to delete, which can mislead users into exposing or mishandling credentials stored alongside other regenerable artifacts.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
This script orchestrates multiple destructive or reorganizing operations across a local music library, including sorting, deduplication, metadata enrichment, and finalization, yet it proceeds directly from plan display to execution without an explicit confirmation or strong warning that files may be moved, modified, or overwritten. In the context of a music-management skill, these behaviors are expected, but the lack of a clear pre-execution safety prompt increases the risk of accidental data loss, unwanted reorganization, or irreversible metadata changes if the user runs it on the wrong directory or with misunderstood expectations.

VirusTotal

66/66 vendors flagged this skill as clean.
