MIDI Music Composer

Security checks across malware telemetry and agentic risk

Overview

This is a local MIDI composition tool with disclosed file creation and preference-memory behavior, but users should know feedback can be saved locally.

Install this if you are comfortable with a local music tool creating MIDI/JSON files and saving your song ratings or comments for future personalization. Avoid putting sensitive information in feedback notes, and delete ~/.hermes/music-composer-preferences.json if you want to reset its learned preferences.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill invokes local Python scripts, reads reference files, and writes outputs and preference data, yet it declares no permissions. That creates a transparency and consent gap: a host may route the skill assuming it is passive while it actually performs shell execution and filesystem access. In this context the behavior appears aligned with the skill’s purpose, but the undeclared capabilities still increase risk because users and platform controls are not clearly informed.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The skill description says it generates MIDI compositions, but the instructions also direct the agent to critique outputs, generate audition experiments, and persist user preference and calibration data. This mismatch can mislead users and policy systems about the true data handling and behavioral scope, especially because the extra behaviors include long-lived storage and profiling of tastes. The mismatch is not overtly malicious, but it broadens trust and privacy risk beyond what the description suggests.

Description-Behavior Mismatch

Medium
Confidence
96% confidence
Finding
The script persistently stores structured user preference data, calibration history, ratings, and free-form notes in a long-term memory file, which goes beyond transient processing needed to record a single audition result. In the context of a music-composition skill, this creates unnecessary user profiling and retention risk, especially because the stored data can accumulate over time without any visible consent or retention controls.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Using a hidden file under the user's home directory establishes silent, durable state outside the immediate task flow, enabling the skill to retain behavioral data across sessions. That capability is not obviously necessary for generating songs or recording a one-off audition and increases privacy risk because users may be unaware that data is being accumulated locally in a hidden path.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
This script goes beyond transient song generation and builds a persistent preference profile from user feedback, including genres, instruments, free-form notes, and per-song ratings. In the context of a music-generation skill, this creates unnecessary retention of behavioral data that can reveal user tastes or personal information embedded in notes, expanding the skill's data collection surface beyond its stated purpose.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code writes a persistent user profile to a file in the home directory by default, storing liked/disliked genres, instruments, notes, and rated songs without any access controls, consent flow, or clear necessity for core song generation. This is dangerous because it silently creates durable local profiling data that may be exposed to other local processes, backups, or future misuse, especially when free-form notes may contain sensitive user information.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs recording user opinions, ratings, and notes into persistent preference files without first informing the user that their feedback will be stored locally for future personalization. Persistent storage of subjective feedback creates a privacy issue and can amount to profiling, especially when linked across sessions and used to shape future outputs. The risk is heightened because storage appears to happen by default after normal conversational feedback.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script writes raw ratings and free-form opinion text into persistent storage without any explicit warning, consent flow, or sanitization boundary for sensitive user-entered content. Free-form notes may contain personal or sensitive information, and long-term retention of that text is disproportionate to the stated purpose of composing music and recording audition outcomes.

VirusTotal

66/66 vendors flagged this skill as clean.
