Musicbrainz Importer

Security checks across malware telemetry and agentic risk

Overview

This MusicBrainz helper is purpose-aligned, but it stores a MusicBrainz password in plaintext and can automate authenticated public edits, so it needs careful review before use.

Install only if you are comfortable letting the skill use a MusicBrainz account for public edits. Prefer a dedicated MusicBrainz account, avoid reusing that password elsewhere, restrict or remove any .credentials.json file when not needed, and manually review every seeded release, artist, URL, and cover-art upload before submission.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 97%
Finding
The README explicitly instructs users to store MusicBrainz credentials in a plaintext JSON file under the skill directory. Plaintext secrets are vulnerable to disclosure through local compromise, accidental commits, backups, shell history, or other processes/users on the same system reading the file. In the context of a skill that performs authenticated write operations, this increases the chance of account takeover or unauthorized edits if the file is exposed.

Missing User Warnings

Medium
Confidence: 98%
Finding
The skill instructs users to store MusicBrainz credentials in plaintext under a predictable local path, which materially increases the chance of credential theft through local compromise, accidental disclosure, backups, or other skills/processes reading the file. Because the same credentials are then used for authenticated write actions on a live external service, exposure can lead to account takeover and unauthorized edits.

Missing User Warnings

Medium
Confidence: 91%
Finding
This guidance explicitly instructs the agent to execute a session-backed POST from an authenticated MusicBrainz page so the user's cookies are sent and the release editor is pre-populated while logged in. In a skill whose purpose includes adding and editing MusicBrainz data, this materially increases the risk of unintended account-affecting actions because it normalizes authenticated state-changing requests without an explicit confirmation, safety gate, or warning to the user.

Missing User Warnings

Low
Confidence: 80%
Finding
The workflow directs writing release metadata to predictable temporary files and then opening a local HTML file, but does not mention cleanup, file permissions, or the sensitivity of the stored data. While the data here is not highly secret by default, temporary local artifacts can persist, be read by other local processes or users, and expose edit notes, URLs, or unreleased metadata in shared or multi-tenant environments.

VirusTotal

62/62 vendors flagged this skill as clean.
