Piano

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because its identity is unclear (the description calls it a virtual musical piano, while the body describes a Piano data-platform integration) and it combines that with authenticated Membrane API access that can issue raw write and delete requests.

Install only if you can verify which Piano service this skill is meant to connect to and you trust the Membrane CLI authorization flow. Review the authorization screen, use the least-privileged account available, prefer the discovered read-only actions first, and require explicit user approval before any raw POST, PUT, PATCH, or DELETE request is proxied.
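The approval rule above can be enforced mechanically rather than left to the agent's judgement. The following is an added example written for this review, not code from the skill or from Membrane: a gate that a tool wrapper would call before forwarding a raw request. It assumes the caller passes the HTTP method, the full target URL, the hostname of the Piano service that was verified at install time, and a flag stating whether the user explicitly approved this request. Hostnames, paths and the approval flag are illustrative.

```python
"""Approval gate for raw requests proxied through an agent tool (added example)."""
from dataclasses import dataclass
from urllib.parse import urlsplit

# Methods that RFC 9110 defines as safe (no server-side state change).
SAFE_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})
# Methods the review above requires explicit user approval for.
WRITE_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def gate_request(method: str, url: str, verified_host: str, approved: bool = False) -> Decision:
    """Decide whether a raw proxied request may be forwarded.

    verified_host: the hostname of the Piano service confirmed at install time
                   (an assumption of this example; the page does not name it).
    approved:      True only when the user explicitly confirmed this request.
    """
    parts = urlsplit(url)

    # Only TLS to the verified service; compare the parsed hostname, never a
    # substring of the URL, so "api.example.test.evil.test" does not pass.
    if parts.scheme != "https":
        return Decision(False, "only https targets are allowed")
    if parts.username is not None or parts.password is not None:
        # Credentials embedded in the URL would be sent to the proxy and logged.
        return Decision(False, "userinfo in URL is not allowed")
    if (parts.hostname or "").lower() != verified_host.lower():
        return Decision(False, f"host {parts.hostname!r} is not the verified service")

    m = method.upper()
    if m in SAFE_METHODS:
        return Decision(True, "read-only method")
    if m in WRITE_METHODS:
        if approved:
            return Decision(True, f"{m} explicitly approved by user")
        return Decision(False, f"{m} requires explicit user approval")
    # Anything else (PURGE, TRACE, vendor verbs) is denied by default.
    return Decision(False, f"method {m!r} is not permitted")


if __name__ == "__main__":
    host = "api.example.test"  # constructed placeholder, not the real service
    checks = [
        ("get", f"https://{host}/v1/records", False),
        ("DELETE", f"https://{host}/v1/records/42", False),
        ("DELETE", f"https://{host}/v1/records/42", True),
        ("GET", f"https://{host}.evil.test/v1/records", False),
        ("GET", f"http://{host}/v1/records", False),
    ]
    for method, url, approved in checks:
        d = gate_request(method, url, host, approved)
        print(f"{method:6} {url:45} approved={approved!s:5} -> {d.allowed} ({d.reason})")
```

The gate treats "approved" as a value the wrapper sets only after a real confirmation prompt; if the agent itself can set it, the check is decorative. Unknown methods are denied rather than passed through, which also covers the case where a prompt-injected instruction asks the skill to use an unusual verb to dodge the write-method list.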

SkillSpector (by NVIDIA)

Vulnerability patterns checked:
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Severity: High
Confidence: 93%

Finding: The skill presents conflicting identity and purpose: it is described as a virtual musical piano, while the rest of the document is clearly about a Piano data-platform integration. This can mislead users and downstream agents into invoking the skill under the wrong assumptions, increasing the chance of unintended external API access or data operations.

Vague Triggers

Severity: Medium
Confidence: 84%

Finding: The invocation guidance is broad enough that an agent may select this skill for vague requests involving "Piano data" without sufficient user confirmation of the intended system, account, or action. In a skill that can enumerate connections, run actions, and proxy arbitrary requests, over-broad triggering raises the risk of unintended data access or modification.

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding: The skill explicitly instructs use of direct proxied API requests but does not require a warning or confirmation that user data will be transmitted to an external service. This is dangerous because proxying arbitrary endpoints can expose sensitive business data or trigger side effects without the user understanding the scope of external transmission.

VirusTotal

VirusTotal findings are pending for this skill version.