Back to skill

Security audit

音乐发现应用

Security checks across malware telemetry and agentic risk

Overview

This is a music discovery web app whose network calls match its advertised features, with privacy and deployment caveats users should understand.

Install only if you are comfortable running a local Python/Next.js web app that sends music-related searches to the listed external music services. Review dependencies, bind the backend to localhost unless network exposure is intended, and do not enable TLS settings that disable certificate checks in production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium
Confidence
90% confidence
Finding
The skill is presented as a music discovery application, but the documentation introduces server configuration modification as an inherent risk operation. That expands the apparent scope from content retrieval to operational system changes, which is unnecessary for the stated use case and increases the chance that users authorize broader actions than expected.

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
A music discovery skill has no clear business need to modify server configuration, making this capability contextually inappropriate. Out-of-scope operational abilities are dangerous because they can be abused to alter service behavior, weaken security settings, or disrupt availability under the cover of a benign application.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The README states the app integrates several third-party music APIs and emphasizes that no authentication is required, but it does not disclose that user search terms, artist lookups, lyrics requests, and radio queries will be transmitted to external services. This is a genuine transparency and privacy issue because users may unknowingly send behavioral or preference data to multiple providers, each with its own logging and retention practices.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The backend forwards user-provided search terms, artist names, song titles, and related inputs to multiple third-party services without any visible disclosure, consent flow, or minimization controls in this file. While expected for aggregator functionality, this still creates a real privacy risk because user queries and interests are exposed to external providers, potentially enabling profiling or logging outside the app's control.

External Transmission

Medium
Category
Data Exfiltration
Content
# API端点配置
ITUNES_SEARCH_URL = "https://itunes.apple.com/search"
LYRICS_OVH_URL = "https://api.lyrics.ovh/v1"
MUSICBRAINZ_URL = "https://musicbrainz.org/ws/2"
RADIO_BROWSER_URL = "https://api.radio-browser.info/json"
BANDSINTOWN_URL = "https://rest.bandsintown.com"
Confidence
84% confidence
Finding
https://api.lyrics.ovh/

External Transmission

Medium
Category
Data Exfiltration
Content
ITUNES_SEARCH_URL = "https://itunes.apple.com/search"
LYRICS_OVH_URL = "https://api.lyrics.ovh/v1"
MUSICBRAINZ_URL = "https://musicbrainz.org/ws/2"
RADIO_BROWSER_URL = "https://api.radio-browser.info/json"
BANDSINTOWN_URL = "https://rest.bandsintown.com"

# 请求参数模型
Confidence
84% confidence
Finding
https://api.radio-browser.info/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.insecure_tls_verification

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
frontend/src/api/music.ts:3

HTTPS certificate verification is disabled.

Warn
Code
suspicious.insecure_tls_verification
Location
backend/ssl_config.py:70