Security audit

Evez Daw Agent

Security checks across malware telemetry and agentic risk

Overview

This music-generation skill is mostly coherent, but its local server is exposed too broadly and lets callers read or write filesystem paths with weak controls.

Install only if you are comfortable running a network-accessible local audio service. Prefer running it behind localhost-only binding or a firewall, avoid exposing the port to other machines, and review or patch the filename and sample path handling before using it with untrusted clients.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 79%
Finding
The skill starts an unauthenticated HTTP server bound to 0.0.0.0 and exposes file-processing endpoints to the network. That materially expands the attack surface beyond pure local audio synthesis and allows any reachable client to invoke expensive processing and file-write operations.

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The /api/chop endpoint reads any filesystem path supplied by the caller if it exists, with no sandboxing or path restriction. An attacker who can reach the service can probe for file existence and cause arbitrary local audio files—or potentially other parsable files—to be opened and processed, creating unintended local file access.

Missing User Warnings

Medium
Confidence: 97%
Finding
The API writes output files using caller-controlled filenames under the output directory without sanitizing path components. A filename containing traversal sequences or absolute-style paths can escape the intended directory and overwrite arbitrary files writable by the process.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.