ClawHub

netease-music-cli

Security checks across malware telemetry and agentic risk

Overview

This NetEase Music control skill mostly matches its purpose, but it asks the agent to review and pass broader recent conversation context to the CLI without clear user control.

Review before installing. Use it only with a trusted ncm-cli setup, avoid using it in chats that contain unrelated sensitive information, and protect NetEase login sessions plus appId/privateKey. The main issue is privacy overbreadth from automatic recent-conversation summaries, not evidence of destructive or intentionally malicious behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The skill explicitly requires sending a summary of the user's recent conversation to the CLI for most commands, which exceeds what is necessary for music playback and search. This creates unnecessary data disclosure to an external tool and may expose sensitive or unrelated user content without clear consent or minimization.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The skill instructs the agent to inspect the user's recent conversation for broad moderation categories before running music commands, expanding processing beyond the immediate task. This encourages collection and evaluation of unrelated conversational context, increasing privacy risk and creating avoidable policy-enforcement behavior inside a music-control skill.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The document directs agents to transmit a summary of the user's recent conversation via `--userInput` without clearly informing the user that their broader context will be sent to the CLI. Lack of transparency and consent makes this a genuine data-handling vulnerability, especially because the forwarded content may contain sensitive information unrelated to music control.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to configure `appId` and `privateKey` but does not warn about the sensitivity of these credentials or how they will be stored. This increases the risk that secrets are handled insecurely, echoed in chat, stored in plaintext, or exposed through logs or shell history.

Ssd 3

Medium
Confidence
96% confidence
Finding
Passing a summary of the user's recent conversation to the CLI unnecessarily broadens data sharing and violates data minimization principles. Because the skill is for music operations, the extra context is not required for most commands and can leak private information into downstream tools, logs, or telemetry.

Ssd 3

Medium
Confidence
93% confidence
Finding
The content-review step tells the agent to inspect broader conversation context, not just the exact text needed for the requested music command. In a music skill, this is more dangerous because it creates unnecessary surveillance-like processing unrelated to the narrow task and may capture sensitive personal details from prior messages.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal