Back to skill

Security audit

lx-music-assistant

Security checks across malware telemetry and agentic risk

Overview

This LX Music control skill mostly does what it says, but it needs review because playlist commands can pass user-controlled playlist IDs through shell command strings.

Install only if you are comfortable letting the agent control LX Music, read current song/lyrics and local playlist names/songs, and modify favorites or dislike state. Keep the LX Music API bound to localhost, avoid untrusted playlist IDs, and prefer a version that replaces execSync shell strings with argument-safe process calls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill instructs the agent to execute shell commands (`node {skill_dir}/cli/lx-music-cli.js ...`) and appears to access local configuration/environment, but it declares no permissions. Undeclared shell capability is dangerous because it hides the true execution surface from reviewers and policy engines, and user-provided arguments such as song names, singers, playlist IDs, or URLs may later be passed into command execution paths.

Missing User Warnings

Low
Confidence
94% confidence
Finding
The documented scheme URLs include state-changing actions such as collecting and uncollecting the currently playing song, which modify the user's library/preferences, but the skill description does not clearly warn about these side effects. In an agent setting, this can lead to unintended user-state changes if the assistant invokes these actions without explicit confirmation, making the omission a real but low-severity safety issue.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dangerous_exec

Shell command execution detected (child_process).

Critical
Code
suspicious.dangerous_exec
Location
cli/lx-music-cli.js:114