Apple Music

Security checks across malware telemetry and agentic risk

Overview

This Apple Music skill is mostly a coherent integration guide, but it deserves review because it teaches persistent library edits, playlist deletion, token handling, and an unpinned external install without enough safety guidance.

Install only if you are comfortable letting an agent control Apple Music and potentially modify your library. Before using write or delete operations, require explicit confirmation and verify the target playlist or track first. Treat MusicKit tokens and .p8 keys as secrets, avoid logging or hardcoding them in shared files, and only install the referenced MCP server after reviewing and pinning the upstream code you intend to run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill includes examples for deleting playlists and removing tracks without any caution, confirmation guidance, or mention of reversibility. In an agent setting, this can normalize destructive actions and lead to accidental loss of user-curated library state if an implementation follows the examples directly.

Missing User Warnings

Medium
Confidence: 90%
Finding
The writable track property examples change ratings and metadata in the user's library but do not warn that these actions persistently alter personal data. In an automation or agent context, that omission increases the risk of unintended edits to a user's collection and preferences.

Missing User Warnings

Medium
Confidence: 88%
Finding
The authentication section handles developer tokens, user music tokens, and a private key, but it does not include any privacy or secret-handling warning. This is risky because readers may embed secrets insecurely, log tokens, or expose private keys while following the examples.

VirusTotal

66/66 vendors flagged this skill as clean.
