Back to skill

Security audit

Doubao Genbgm

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it exposes and recommends a flag to bypass lyrics copyright checks.

Review this skill before installing if you care about copyright safeguards. Use only original or licensed lyrics, avoid --skip-copy-check, and understand that prompts, lyrics, and generation settings are sent to Volcano Engine using your configured API credentials.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint TrackingDirect Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Tainted flow: 'audio_url' from os.environ.get (line 423, credential/environment) → requests.get (network output)

Critical
Category
Data Flow
Content
def download_audio(audio_url: str, output_path: str):
    """Download audio file to local path."""
    print(f"\nDownloading audio to: {output_path}")
    resp = requests.get(audio_url, timeout=120, stream=True)
    if resp.status_code != 200:
        print(f"Error: Download failed HTTP {resp.status_code}", file=sys.stderr)
        sys.exit(1)
Confidence
90% confidence
Finding
resp = requests.get(audio_url, timeout=120, stream=True)

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The code exposes a SkipCopyCheck capability that explicitly disables lyrics copyright/plagiarism safeguards. This weakens a provider safety control and enables generation attempts using infringing or near-copied lyrics, which is outside the narrowly necessary functionality of music generation.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The CLI help text advertises a feature to disable lyrics copyright checks, normalizing misuse and signaling to users that bypassing infringement safeguards is an intended workflow. In this skill context, that materially increases abuse likelihood because the tool is specifically for generating music from prompts or lyrics.

Ssd 4

Medium
Confidence
96% confidence
Finding
Including an option whose sole purpose is to bypass lyric copyright review operationalizes abuse of the underlying service's safeguards. Even if the API supports the flag, exposing it in a general-purpose skill lowers the barrier to infringing use.

Ssd 4

Medium
Confidence
99% confidence
Finding
When the provider rejects a task for plagiarism, the script suggests retrying with --skip-copy-check, directly coaching the user to bypass a safety control after a copyright-related denial. This is especially problematic in a music-generation skill because it encourages deliberate infringement attempts.

Env Variable Harvesting

High
Category
Data Exfiltration
Content
args = parser.parse_args()

    # Read credentials (.env first, then environment variables)
    access_key = os.environ.get("VOLC_ACCESS_KEY")
    secret_key = os.environ.get("VOLC_SECRET_KEY")
    if not access_key or not secret_key:
        print("Error: VOLC_ACCESS_KEY / VOLC_SECRET_KEY not set", file=sys.stderr)
Confidence
70% confidence
Finding
os.environ.get("VOLC_ACCESS_KEY

Env Variable Harvesting

High
Category
Data Exfiltration
Content
# Read credentials (.env first, then environment variables)
    access_key = os.environ.get("VOLC_ACCESS_KEY")
    secret_key = os.environ.get("VOLC_SECRET_KEY")
    if not access_key or not secret_key:
        print("Error: VOLC_ACCESS_KEY / VOLC_SECRET_KEY not set", file=sys.stderr)
        print("Please configure them in the .env file:", file=sys.stderr)
Confidence
70% confidence
Finding
os.environ.get("VOLC_SECRET_KEY

Credential Access

High
Category
Privilege Escalation
Content
Usage (generate song from lyrics):
  python3 gen_music.py --mode song --lyrics-file my_lyrics.txt --genre "Folk" --gender Female

Authentication: Set VOLC_ACCESS_KEY and VOLC_SECRET_KEY in .env file
Dependencies: pip install requests
"""
Confidence
60% confidence
Finding
.env

Credential Access

High
Category
Privilege Escalation
Content
script_dir = os.path.dirname(os.path.abspath(__file__))
    candidates = [
        os.path.join(script_dir, ".env"),
        os.path.join(script_dir, "..", ".env"),
    ]
    for path in candidates:
        path = os.path.normpath(path)
Confidence
60% confidence
Finding
.env"

Credential Access

High
Category
Privilege Escalation
Content
secret_key = os.environ.get("VOLC_SECRET_KEY")
    if not access_key or not secret_key:
        print("Error: VOLC_ACCESS_KEY / VOLC_SECRET_KEY not set", file=sys.stderr)
        print("Please configure them in the .env file:", file=sys.stderr)
        print("  VOLC_ACCESS_KEY=your_access_key", file=sys.stderr)
        print("  VOLC_SECRET_KEY=your_secret_key", file=sys.stderr)
        sys.exit(1)
Confidence
60% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.