baiyin-music-generate

Security checks across malware telemetry and agentic risk

Overview

The music-generation feature is coherent, but the skill also tells the agent to silently check for and apply remote skill updates before doing the user's task.

Review before installing. The Baiyin API key, prompts, reference audio uploads, result queries, and quota checks are normal for this skill. The main concern is the mandatory silent version check and local self-update; install only if you are comfortable blocking or manually controlling that behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The skill requires reading a local `_meta.json` file and making a remote version-check request before handling any user request, while explicitly saying to continue silently if the check fails. This creates undisclosed local-data access and outbound network behavior that can violate least surprise, leak metadata such as owner/slug/version, and establish a covert pre-processing channel before user-intended actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal