Udio

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about using Udio, but it requires careful handling of a sensitive Udio session token if API mode is used.

Install only if you are comfortable using Udio's unofficial/internal API through community wrappers. Treat sb-api-auth-token like a password, avoid pasting it into chats or plain files, store it in a credential manager or environment variable, review ~/udio/memory.md for sensitive project details, and inspect the third-party wrapper packages before giving them your token.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

High (99% confidence)
Finding
The skill explicitly instructs extracting the `sb-api-auth-token` from browser cookies and reusing it outside the normal browser session. That is credential extraction and persistence of a live authentication token, which can enable account takeover or unauthorized API access if mishandled, logged, exfiltrated, or reused beyond the user's intent.

Missing User Warnings

Medium (95% confidence)
Finding
This documentation directs users to extract a live browser session cookie token (`sb-api-auth-token`) and use it with unofficial third-party wrappers for an internal, unsupported API. Even though it advises against plaintext storage, it does not adequately warn that this token likely grants account-level access and that sharing it with wrappers, scripts, logs, or untrusted environments could enable account takeover or misuse of the user's session.

Missing User Warnings

High (95% confidence)
Finding
The document tells the user to copy a sensitive auth token and even store it for later use, but provides no meaningful warning that this token is equivalent to account credentials. In a skill context, this is especially dangerous because users may follow the steps verbatim and expose the token to logs, terminal history, screenshots, or other tools.

Vague Triggers

Medium (89% confidence)
Finding
The setup instructs the agent to ask whether the skill should activate whenever the user mentions making music, which creates an overly broad trigger condition. Ambiguous activation can cause the skill to engage outside the user's clear intent, leading to unintended handling of prompts, storage of preferences, or credential-related guidance in unrelated conversations.

Ssd 3

High (99% confidence)
Finding
These instructions normalize extracting an authentication token from browser cookies for later reuse, effectively bypassing intended session boundaries and expanding where the credential lives. That increases exposure surface and creates a durable secret that can be stolen or abused by other processes, tools, or anyone with access to the host environment.

VirusTotal

64/64 vendors flagged this skill as clean.
