伴奏提取器 (Accompaniment Extractor)

Security checks across malware telemetry and agentic risk

Overview

This skill performs the advertised accompaniment generation, but it defaults to using the user's local Chrome login cookies for YouTube downloads, which needs review before installation.

Install only if you are comfortable with the skill using your Chrome/Google session for YouTube downloads. Prefer local-file mode or an explicitly provided limited cookies file, review the output directory, use a virtual environment for dependencies, and avoid running the optional curl-to-shell installer without inspecting and verifying it first.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
Findings (9)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
for py in candidates:
        full_path = py if os.path.isabs(py) else py
        try:
            r = subprocess.run(
                [full_path, '-m', 'demucs', '--help'],
                capture_output=True, text=True, timeout=10
            )
Confidence
84% confidence
Finding
r = subprocess.run( [full_path, '-m', 'demucs', '--help'], capture_output=True, text=True, timeout=10 )

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes capabilities equivalent to file read/write, network access, and shell execution, but does not declare any permissions or warn users about these actions. In an agent setting, undeclared capabilities reduce transparency and can lead to users or orchestrators approving actions without understanding the actual access required.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The documented purpose is accompaniment generation, but the workflow also defaults to extracting authentication state from the user's local Chrome profile via --cookies-from-browser chrome. Reading browser-stored session data is a sensitive behavior outside the expected scope of simple media processing and materially increases the risk of credential/session misuse.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Automatically extracting Chrome browser cookies materially exceeds the minimum capability needed for audio separation and accesses highly sensitive authentication material. Even if intended only for YouTube access, browser cookies may include privileged session data and their use meaningfully expands the blast radius if the script or host is compromised.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README explicitly advertises downloading from YouTube and processing local audio files, but it does not warn users that the skill may transmit data externally or require network access for model/video retrieval. In an agent setting, missing disclosure can cause users to provide links or files without understanding that third-party services, remote downloads, or metadata exposure may occur.

Missing User Warnings

Low
Confidence
82% confidence
Finding
The skill writes generated audio into a fixed directory under the user's home directory, but does not clearly warn that it will create files there and may overwrite existing content. While lower risk than credential access, undisclosed filesystem writes can still cause data clobbering, privacy issues, or confusion in automated environments.

External Script Fetching

High
Category
Supply Chain
Content
# macOS: brew install ffmpeg

# Deno (JS runtime, optional, used for YouTube signature solving)
# curl -fsSL https://deno.land/install.sh | sh
```

## Agent Integration
Confidence
96% confidence
Finding
curl -fsSL https://deno.land/install.sh | sh

Chaining Abuse

High
Category
Tool Misuse
Content
# macOS: brew install ffmpeg

# Deno (JS runtime, optional, used for YouTube signature solving)
# curl -fsSL https://deno.land/install.sh | sh
```

## Agent Integration
Confidence
95% confidence
Finding
| sh

YARA rule 'info_stealer': Information stealer patterns (credential harvesting, browser data theft) [malware]

High
Category
YARA Match
Content
python3 scripts/get_accompaniment.py "歌名" "歌手名"

# 2. Provide the video URL directly
python3 scripts/get_accompaniment.py --url "https://youtube.com/watch?v=xxx"

# 3. Process a local audio file
python3 scripts/get_accompaniment.py --file /path/to/song.mp3
Confidence
97% confidence
Finding
cookies!** 脚本会自动从本地 Chrome; cookies-from-browser chrome

VirusTotal

66/66 vendors flagged this skill as clean.
