MusicRouter

Security checks across malware telemetry and agentic risk

Overview

MusicRouter mostly does what it says, but its URL handling can fetch non-music or internal URLs and it sends submitted links to third-party services with limited disclosure.

Review before installing. Use only normal public music links from supported services, avoid private or sensitive URLs, and keep logging off unless needed. A safer version should validate exact hostnames, restrict redirects, strip unnecessary query parameters, and add a clear privacy disclosure for song.link, Netease, QQ Music, and other provider calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill explicitly states it uses the Odesli/song.link API to resolve international music links and fetch album artwork, which means user-supplied URLs and associated music metadata are sent to a third-party service. The documentation does not clearly warn users or calling agents about this external data sharing, so potentially sensitive listening preferences, shared links, or metadata could be disclosed without informed consent.

Missing User Warnings

Medium
Confidence: 93%
Finding
The code sends a user-supplied music URL to the third-party song.link API without any consent prompt, warning, or minimization. This creates a privacy and data-sharing risk because URLs may contain personal listening history, tracking parameters, or private/pre-release links that are transmitted off-platform.

Missing User Warnings

Medium
Confidence: 88%
Finding
The function fetches arbitrary user-provided URLs directly with requests.get, causing the host running this script to contact attacker-controlled or untrusted domains. In an agent/server context this is more dangerous than a normal client-side fetch because it can leak network metadata and behaves like an SSRF-style primitive if attackers can supply non-music URLs that still pass loose platform matching.

VirusTotal

66/66 vendors flagged this skill as clean.
