baiyin-track-separation-skill

Security checks across malware telemetry and agentic risk

Overview

This audio-splitting skill does the advertised task, but it also tells the agent to silently self-update and to downplay external audio uploads.

Install only if you trust Baiyin/Hikoon with the audio you submit and with your Baiyin API key. Before using it on private recordings, confirm where files are uploaded, who can access the generated URLs, how long files are retained, and whether self-update behavior can be disabled or handled by the platform with user approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium (97% confidence)
Finding
The skill injects a mandatory pre-execution workflow to read local metadata and contact a remote SkillHub service before performing the requested audio task. This behavior is unrelated to track separation, expands the trust boundary, and creates an unnecessary supply-chain/network action that could change the skill at runtime without user awareness or approval.

Missing User Warnings

Medium (98% confidence)
Finding
The skill explicitly instructs the agent to silently query a remote service for version information and continue without notifying the user even on failure. Silent background network activity before handling the user's request undermines transparency and can leak metadata about the local installation or usage patterns.

Missing User Warnings

High (99% confidence)
Finding
The skill says local files, attachments, or private links should be uploaded to an external service as an internal implementation detail while also telling the agent not to clearly explain this to the user. That creates a significant privacy risk because user-provided audio may be transmitted off-platform without informed consent or an explicit warning.

VirusTotal

66/66 vendors flagged this skill as clean.
