musa-torch-coding

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a MUSA GPU coding helper, but parts of its metadata present it as an OpenAI transcription skill and ask for an unrelated OpenAI API key.

Install only if you intend to use a MUSA/torch_musa coding and code-conversion helper, not an audio transcription skill. Do not provide OPENAI_API_KEY unless the publisher corrects or clearly justifies that requirement, and review any generated file conversions or privileged GPU setup commands before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Description-Behavior Mismatch

Severity: High. Confidence: 98%.
The manifest claims a speech-to-text skill, but nearly the entire file is about Moore Threads MUSA GPU development, distributed training, and CUDA-to-MUSA conversion. Such identity inconsistency is a supply-chain-style risk because it obscures what the skill really does, undermines trust boundaries, and can bypass user scrutiny or policy gating that relies on metadata.

Intent-Code Divergence

Severity: High. Confidence: 95%.
The documentation header and introductory body explicitly present a MUSA Torch coding guide, directly contradicting the manifest's transcription-focused intent. This increases danger because a user or automated system may trust the manifest while the actual instructions steer the agent into unrelated code-generation and system-configuration tasks.

Description-Behavior Mismatch

Severity: High. Confidence: 98%.
This file implements YOLO object detection training, validation, prediction, and export workflows, which are unrelated to the declared skill purpose of audio transcription via the OpenAI Audio Transcriptions API. That mismatch is dangerous because it expands the skill's effective capability surface, may mislead reviewers and users about what code will run, and could conceal unauthorized GPU-heavy or model-execution behavior inside an apparently benign transcription skill.

Intent-Code Divergence

Severity: Medium. Confidence: 96%.
The module docstring explicitly describes YOLOv8n training and inference on MUSA GPUs, directly contradicting the skill metadata claiming Whisper-based audio transcription. In this context, contradictory documentation is a security concern because it signals packaging confusion or deceptive scope, making it easier for unrelated or unsafe code paths to be smuggled into a skill under false pretenses.

Description-Behavior Mismatch

Severity: High. Confidence: 98%.
The reference file is materially unrelated to the declared skill purpose of OpenAI Whisper audio transcription and instead documents MUSA/torch_musa GPU development, build, deployment, and porting workflows. This kind of capability/intent mismatch is dangerous because it can mislead downstream agents or operators into invoking unrelated build or system-level actions, expanding the skill’s effective behavior beyond its stated scope.

Context-Inappropriate Capability

Severity: High. Confidence: 97%.
The documentation includes unrelated high-risk operational content such as compilation, Docker, distributed training, deployment, and CUDA-to-MUSA code-porting instructions. In the context of a transcription skill, this increases the chance that an agent or user follows privileged or complex infrastructure steps that are not needed for the advertised task, creating opportunities for misuse, environmental drift, or unintended code execution.

Description-Behavior Mismatch

Severity: High. Confidence: 99%.
The file clearly implements a CUDA-to-MUSA source-code converter, while the skill metadata claims the skill performs audio transcription via the OpenAI Audio Transcriptions API. This mismatch is dangerous because users or automated systems may grant the skill permissions or trust based on the declared purpose, while it actually processes and rewrites arbitrary Python code.

Description-Behavior Mismatch

Severity: High. Confidence: 97%.
This code reads Python files and writes modified output files, which is unrelated to the declared transcription purpose. In the context of a mislabeled skill, code-rewriting behavior increases the risk of unauthorized or unexpected modification of source repositories, especially if invoked by an agent with filesystem access under false assumptions about the skill's purpose.

Description-Behavior Mismatch

Severity: High. Confidence: 98%.
The script performs recursive directory traversal and bulk conversion of all Python files, which materially expands its reach beyond a single file and is inconsistent with the manifest's claimed audio-transcription scope. In a mislabeled skill, this broad filesystem operation makes accidental or unauthorized large-scale source modification more likely and more damaging.

Intent-Code Divergence

Severity: Medium. Confidence: 95%.
The module docstring explicitly states that the script converts PyTorch CUDA code to MUSA, directly contradicting the manifest-declared transcription intent. This inconsistency is a security-relevant integrity issue because it signals that the packaged skill may be misrepresented, undermining trust, review assumptions, and permission decisions.
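The findings above all reduce to one question: does what the manifest declares match what the packaged files actually do? As an added example (not SkillSpector's code and not the skill's own files), the script below performs that manifest-versus-content check: it reads the declared purpose and required environment variables, classifies each file by what it is about, and flags privileged commands, recursive file rewrites, undeclared environment reads, and a required secret that nothing in the package uses. The manifest layout (YAML front matter in SKILL.md with `description` and `env` keys), the domain keyword lists, the risk regexes, and the sample package are all assumptions constructed for this example.

```python
"""Manifest-vs-content consistency audit for an agent skill package (added example,
not SkillSpector's own code). Assumes the manifest is YAML front matter in SKILL.md
with a `description:` line and an `env:` list of required variables."""
import os
import re
from collections import namedtuple

# Keyword families that decide what a file is "about" (constructed for this example).
DOMAINS = {
    "transcription": ("whisper", "transcri", "speech-to-text", "audio"),
    "gpu-porting": ("musa", "torch_musa", "cuda", "yolo", "distributed training"),
}
# Behaviours worth surfacing whatever the declared purpose is.
RISK_PATTERNS = {
    "privileged command": re.compile(r"\b(sudo|docker run|apt-get install)\b"),
    "recursive file rewrite": re.compile(r"os\.walk\(|glob\(.*\*\*|rglob\("),
    "file write": re.compile(r"open\(.*?['\"][wa]b?['\"]\s*\)"),
}
ENV_READ = re.compile(r"os\.environ(?:\.get)?\s*[\[(]\s*['\"]([A-Z0-9_]+)['\"]")
FRONT_MATTER = re.compile(r"\A---\n(.*?)\n---", re.S)
Finding = namedtuple("Finding", "path kind detail")

def parse_manifest(text):
    """Minimal front-matter parser: `description: ...` plus `env:` list items ("- NAME")."""
    m = FRONT_MATTER.match(text)
    description, env, in_env = "", [], False
    for line in (m.group(1).splitlines() if m else []):
        if line.startswith("description:"):
            description = line.split(":", 1)[1].strip().strip('"')
            in_env = False
        elif line.startswith("env:"):
            in_env = True
        elif in_env and line.strip().startswith("- "):
            env.append(line.strip()[2:].strip())
        else:
            in_env = False
    return {"description": description, "env": env}

def classify(text):
    """Return {domain: keyword hit count} for a piece of text."""
    low = text.lower()
    return {d: sum(low.count(k) for k in kws) for d, kws in DOMAINS.items()}

def dominant(scores):
    """Domain with the most hits, or None when nothing matched."""
    best = max(scores, key=scores.get)
    return best if scores[best] > 0 else None

def audit_skill(files):
    """files: {relative_path: text}. Returns a list of Finding tuples."""
    manifest = parse_manifest(files.get("SKILL.md", ""))
    declared = dominant(classify(manifest["description"]))
    # Bodies exclude the manifest block so its own wording is not counted as behaviour.
    bodies = {p: (FRONT_MATTER.sub("", t, count=1) if p == "SKILL.md" else t)
              for p, t in files.items()}
    findings = []
    for path, body in bodies.items():
        actual = dominant(classify(body))
        if declared and actual and actual != declared:
            findings.append(Finding(path, "description-behavior mismatch",
                                    f"manifest declares {declared!r}, content is about {actual!r}"))
        for kind, pat in RISK_PATTERNS.items():
            if hit := pat.search(body):
                findings.append(Finding(path, kind, hit.group(0)))
        for name in ENV_READ.findall(body):
            if name not in manifest["env"]:
                findings.append(Finding(path, "undeclared env read", name))
    # A required secret that nothing in the package uses is itself a red flag.
    for name in manifest["env"]:
        if not any(name in body for body in bodies.values()):
            findings.append(Finding("SKILL.md", "declared env unused", name))
    return findings

def load_skill_dir(root):
    """Read every file under `root` as text so a real package can be passed to audit_skill."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for n in names:
            full = os.path.join(dirpath, n)
            with open(full, encoding="utf-8", errors="ignore") as fh:
                files[os.path.relpath(full, root)] = fh.read()
    return files

# Constructed sample mirroring the report: a transcription manifest wrapping MUSA
# porting content and a bulk code rewriter. These are not the real skill's files.
SAMPLE_SKILL = {
    "SKILL.md": (
        "---\nname: example-skill\n"
        'description: "Transcribe audio with the Whisper speech-to-text API"\n'
        "env:\n  - OPENAI_API_KEY\n---\n# MUSA Torch coding guide\n\n"
        "Install torch_musa, then run `sudo docker run IMAGE` for distributed training on MUSA GPUs.\n"
    ),
    "scripts/convert.py": (
        '"""Convert PyTorch CUDA code to MUSA."""\nimport os\n'
        "for root, _, names in os.walk(src):\n    for n in names:\n"
        "        with open(os.path.join(root, n), 'w') as fh:\n            fh.write(code)\n"
        "token = os.environ.get('HF_TOKEN')\n"
    ),
}
```

Run `audit_skill(load_skill_dir("/path/to/skill"))` on a checkout of a package, or `audit_skill(SAMPLE_SKILL)` to see the constructed case. On the sample it reports the SKILL.md body and the converter as being about GPU porting while the manifest declares transcription, the `sudo` step, the `os.walk` plus file write that make the converter a bulk rewriter, an `HF_TOKEN` read the manifest never declared, and an `OPENAI_API_KEY` requirement that no file references. Each of those is a question to put to the publisher before installing, and the keyword lists are the part to tune for a different marketplace.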

VirusTotal

66 of 66 vendors reported this skill as clean (no detections). A clean antivirus result does not settle the findings above: engines look for known malicious files, not for a manifest that misdescribes what a package does or for a credential requirement the package cannot justify.