Back to skill

Security audit

clawtunes

Security checks across malware telemetry and agentic risk

Overview

This skill clearly lets an assistant control Apple Music on a Mac, with no hidden files or unrelated behavior found.

Install this only if you want an assistant to control Apple Music on your Mac. Be aware it can start playback, change volume or AirPlay output, and create or modify playlists; for ambiguous music requests, make clear whether you want Apple Music controlled or just want information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description contains broad triggers like playing music, searching for songs, controlling audio playback, and managing Apple Music settings, which can overlap with many ordinary user requests. In an agent-routing context, this can cause the skill to activate too often and execute local system actions on macOS without sufficiently narrow intent matching, increasing the chance of unintended behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.