AI Songwriter

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent automated song generator, but it needs review because it immediately uses a local API key for external generation and includes under-disclosed callback and helper-script behavior.

Install only if you are comfortable with an automatic workflow that sends generated song content to KIE/Suno using your API key and may consume provider credits without a review step. Review the helper script first, especially the hard-coded callback URL and the unused cover/extend modes, and prefer a scoped or low-risk API key if the provider supports it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill relies on an environment variable API key but does not declare or surface that capability in its manifest, creating a hidden privilege boundary. Undeclared access to local credentials reduces transparency and can lead users or host systems to authorize a skill whose actual data access is broader than expected.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior says the skill only takes a theme and automatically writes lyrics and generates a song, but the implementation hints at broader capabilities such as cover generation, extension flows, uploaded-audio-based continuation, and local script execution against a different external provider. This kind of description-behavior mismatch is dangerous because users and reviewers may consent to a narrow creative workflow while the skill actually performs materially different actions and handles additional data types.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
Requiring an API key from environment variables introduces secret handling and outbound service access that is not adequately justified or disclosed by the user-facing description. In practice, this means the skill can transmit user content and use sensitive credentials in ways a user may not expect from a simple songwriting helper.

Context-Inappropriate Capability

High
Confidence
97% confidence
Finding
The skill instructs execution of a local Node.js script with shell command substitution and writes lyrics to /tmp before invoking the generator. This expands the attack surface from content generation to local command execution and file-system interaction, which is significantly more dangerous than the manifest implies and can enable injection or unintended host-side effects if inputs are not strictly controlled.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Mandating fully automatic execution without intermediate confirmation removes a safety checkpoint before writing files and invoking external generation scripts. In this context, the lack of consent or review is more dangerous because the skill performs external actions beyond simple text drafting, increasing the chance of unintended data transmission or execution.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill asks for an API key in environment variables but does not warn users about credential handling, storage expectations, or that content will be sent to an external service. Hidden credential use is a security concern because it can expose secrets to a broader execution path than the user realizes.

VirusTotal

66/66 vendors flagged this skill as clean.