cmus Music Player

Security checks across malware telemetry and agentic risk

Overview

This music-player skill does what it says, but it tells the agent to handle media file paths in a way that can run unintended local commands.

Review before installing. Use this only if you are comfortable letting the agent control cmus and your desktop session, and do not use it with untrusted downloads or filenames until the `eval echo` path handling is replaced with safe path resolution such as `realpath --` plus proper quoting.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Context-Inappropriate Capability

High

Confidence: 99% confidence
Finding: The skill explicitly requires resolving a user-influenced file path with `eval echo`, which causes the shell to interpret metacharacters and command substitutions rather than treating the path as data. In this skill's context, the path is expected to come from another tool (`yt-dlp`) or user request, so this expands the attack surface from playback control to arbitrary shell execution.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill directs the agent to start a terminal, inject session environment variables, wait for a socket, and then modify the user's cmus queue and playback settings without requiring explicit user confirmation. In a headless/background-agent setting, this can create surprising side effects, interfere with an active user session, and execute GUI-affecting behavior in the wrong desktop context.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal