Free Music Cog

Security checks across malware telemetry and agentic risk

Overview

This skill appears to send user media and prompts to a cloud video-processing service under broader routing than its music-focused description clearly supports.

Install only if you are comfortable with uploaded media, edit prompts, and session metadata being sent to a third-party cloud video service. Use it for explicit media-editing tasks, ask the agent to confirm before upload/export, and avoid private or confidential videos unless the provider’s data handling is acceptable to you.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Severity: Medium
Confidence: 86%

Finding: The skill is presented as a narrow tool for adding royalty-free music, but the instructions route a much broader class of editing, state, credit, upload, and export requests into a general video-processing backend. This scope expansion can cause users and host systems to grant trust or provide media under a misleading description, increasing the chance of unintended uploads, edits, or exports.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding: The invocation examples are broad and generic enough that ordinary user requests like uploading files or exporting video could activate this skill unexpectedly. In a skill that automatically connects to a remote API and processes user media, overbroad triggering raises the risk of unintended cloud upload, token acquisition, or media handling without clear user intent.

Vague Triggers

Severity: Medium
Confidence: 89%

Finding: The catch-all rule routes nearly everything not matching a few keywords into the SSE editing path, which is overly permissive and lacks clear boundaries. Because the SSE path can issue backend editing actions based on natural-language prompts, ambiguous routing can convert unrelated conversation into remote processing requests against user content.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The skill tells the agent to automatically connect to a third-party processing API and obtain a token, but it does not clearly warn users that their media and prompts may be transmitted to a cloud service. This undermines informed consent and can expose sensitive or private video content to remote processing without an adequate upfront disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.