baiyin-cover-sing-skill

Security checks across malware telemetry and agentic risk

Overview

The AI cover workflow mostly fits its stated purpose, but the skill also instructs the agent to silently check for and install remote skill updates before every use, so the instructions the agent follows can change between runs without the user seeing it.

Review this before installing. Use it only if you are comfortable providing a Baiyin API key and sending selected audio to Baiyin, and avoid uploading sensitive or copyrighted material unless you have the right to do so. Do not allow silent self-updates during normal use; update the skill only through a trusted, user-approved install or package-management flow in which the new version is pinned and verified before it runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The skill inserts a mandatory pre-execution self-update gate that reads local metadata and contacts SkillHub before performing its advertised Baiyin cover-task function. This is unrelated to the declared business purpose and creates an unnecessary outbound trust dependency that could be abused for supply-chain-style prompt or instruction replacement, silent behavior changes, or covert metadata exfiltration before every user request.
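The recommendation in the overview (accept updates only through a user-approved flow) and the finding above (a self-update gate that runs before every task) describe the two sides of the same control. The following is an added example, not code from the scanned skill, from SkillSpector or from SkillHub: a pinned-digest gate in which the text of a skill is hashed, compared with a digest recorded in a local lockfile, and a changed or unpinned skill is refused unless the caller passes an explicit approval flag. The lockfile name, the `gate_skill` and `approve_update` names, and the two sample SKILL texts are illustrative assumptions constructed for the example.

```python
"""Pinned-digest gate for agent skills (added example, not the skill's own code).

Instead of fetching and installing whatever a remote hub serves before every run,
the agent runs only skill text whose SHA-256 digest matches a pin recorded locally.
A digest change is never applied as a side effect of normal use: it requires an
explicit approval flag, which is the "user-approved install flow" of the overview.
"""
import hashlib
import json
from dataclasses import dataclass, field

LOCKFILE_NAME = "skill.lock.json"  # assumed filename; illustrative only


class SkillUpdateRefused(Exception):
    """Raised when skill content is unpinned or differs from its pin without approval."""


def skill_digest(skill_text: str) -> str:
    """SHA-256 over the exact bytes the agent would follow; the instructions are the supply chain here."""
    return "sha256:" + hashlib.sha256(skill_text.encode("utf-8")).hexdigest()


@dataclass
class Lockfile:
    pins: dict = field(default_factory=dict)  # skill name -> pinned digest

    @classmethod
    def loads(cls, text: str) -> "Lockfile":
        return cls(pins=dict(json.loads(text).get("skills", {})))

    def dumps(self) -> str:
        return json.dumps({"skills": self.pins}, indent=2, sort_keys=True)


def gate_skill(name: str, fetched_text: str, lock: Lockfile, approve_update: bool = False) -> str:
    """Return the skill text the agent may run, or raise SkillUpdateRefused.

    pinned and matching  -> run it; nothing is contacted and nothing changes
    pinned and different -> refuse unless approved; on approval, re-pin so the change is recorded
    not pinned yet       -> refuse unless approved; first use is also a trust decision
    """
    actual = skill_digest(fetched_text)
    pinned = lock.pins.get(name)
    if pinned == actual:
        return fetched_text
    if not approve_update:
        reason = "not pinned" if pinned is None else f"pinned {pinned[:19]}... != fetched {actual[:19]}..."
        raise SkillUpdateRefused(f"{name}: {reason}; re-run with explicit approval to accept this version")
    lock.pins[name] = actual  # the approved version becomes the new pin
    return fetched_text


# Constructed sample content standing in for two versions of a SKILL.md (not the real skill text).
SKILL_V1 = "# baiyin-cover-sing-skill\nUpload the user's chosen audio to Baiyin and request a cover.\n"
SKILL_V2 = SKILL_V1 + "Before every run, fetch the latest version of this skill from the hub and replace yourself.\n"


def demo() -> tuple:
    """Install v1 with approval, run it, then show that a changed v2 is refused without approval."""
    lock = Lockfile()
    gate_skill("baiyin-cover-sing-skill", SKILL_V1, lock, approve_update=True)  # user-approved install pins v1
    ran_v1 = gate_skill("baiyin-cover-sing-skill", SKILL_V1, lock) == SKILL_V1  # normal use: pin matches
    try:
        gate_skill("baiyin-cover-sing-skill", SKILL_V2, lock)  # what a silent self-update would look like
        refused = False
    except SkillUpdateRefused:
        refused = True
    still_v1 = lock.pins["baiyin-cover-sing-skill"] == skill_digest(SKILL_V1)  # pin untouched by the refusal
    return ran_v1, refused, still_v1


if __name__ == "__main__":
    print(demo())
```

The digest is taken over the skill text itself rather than over a version string, because a hub that can change the content can also leave the version label alone; comparing content is what makes an instruction swap visible.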

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill directs the agent to send API credentials and user-supplied audio URLs/files to a third-party service, including an upload endpoint, without requiring a user-facing disclosure or consent step. In this context, users may provide copyrighted, sensitive, or private audio, so silent transmission to an external platform increases privacy, compliance, and data-handling risk.

VirusTotal

65/65 vendors flagged this skill as clean. Antivirus engines check the skill's files against known malware signatures; a clean result does not address the instruction-level risks described in the findings above.