Discogs Sync

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Discogs tool, but it warrants review because it can make broad account changes and stores/handles Discogs tokens locally.

Install only if you are comfortable giving the skill write access to your Discogs wantlist and collection. Run sync commands with --dry-run first, be especially careful with --remove-extras, prefer exact release IDs for removals, and treat ~/.discogs-sync/config.json as a sensitive token file that should be protected or deleted/revoked when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
    # Install requirements into the venv
    pip_cmd = [_VENV_PYTHON, "-m", "pip", "install", "-q", "-r", _REQUIREMENTS]
    subprocess.check_call(pip_cmd, stdout=sys.stderr, stderr=sys.stderr)

    print("Dependencies installed.", file=sys.stderr)
Confidence
81% confidence
Finding
subprocess.check_call(pip_cmd, stdout=sys.stderr, stderr=sys.stderr)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
This bootstrap logic creates a venv and installs dependencies dynamically when the skill runs, which is unrelated to the declared Discogs record-management functionality and expands the attack surface significantly. In an agent environment, implicit dependency installation can enable unreviewed code execution through compromised packages, altered requirements, or unexpected network/package-manager access.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The `remove_extras` branch computes `extras = set(current.keys()) - target_ids` and then removes every matching collection instance, which can delete nearly the entire collection if the input is partial, incorrectly resolved, or unexpectedly empty after resolution failures. In this skill's context, bulk sync against a personal Discogs collection is a destructive operation on user data, and the code provides no scope guard, confirmation, minimum-match sanity check, or explicit opt-in tied to full-collection replacement semantics.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The single-item helpers perform state-changing API operations immediately once called, with no built-in confirmation, preview, or explicit acknowledgement step. In an agent skill context, this increases the risk of unintended wantlist additions or removals from ambiguous user input, mis-resolution of artist/album names, or prompt/automation mistakes, directly modifying a user's external account.

Credential Access

High
Category
Privilege Escalation
Content
    Prompts for a token, validates it via client.identity(), and stores it.
    Returns dict with user_token and username.
    """
    token = click.prompt("Enter your Discogs personal access token")

    client = discogs_client.Client(USER_AGENT, user_token=token)
Confidence
88% confidence
Finding
access token

VirusTotal

66/66 vendors flagged this skill as clean.