ClawHub

Music Identify

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its music-identification purpose, but the optional Spotify integration has security and privacy issues users should review before installing.

Install only if you are comfortable sending chosen audio clips to AudD and, if enabled, granting Spotify playback read/write access. Treat the Spotify feature as review-needed until the URI encoding bug is fixed and token files are always written with restrictive permissions; also review or delete the local music log if you do not want song history retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The script exposes a `status` action that reads the user's current Spotify playback state, device name, and track metadata, which goes beyond the core queueing behavior described as optional in the skill metadata. This creates an unnecessary privacy expansion because an agent invoking the script can inspect listening activity and active device information without that access being clearly bounded to the minimum needed for queueing.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The phrase 'voice messages with song identification intent' is not operationally precise, leaving the agent too much discretion to infer intent from general audio messages. Ambiguous activation boundaries increase the chance of processing audio and sending it to a third-party API when the user did not clearly request identification.

Vague Triggers

Medium
Confidence
81% confidence
Finding
The phrase 'voice messages with song identification intent' is not operationally precise, leaving the agent too much discretion to infer intent from general audio messages. Ambiguous activation boundaries increase the chance of processing audio and sending it to a third-party API when the user did not clearly request identification.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference explicitly documents sending user audio files and an API token to a third-party endpoint but provides no privacy, consent, retention, or credential-handling warning. In this skill's context, users may submit voice messages or audio clips expecting local processing, so undocumented external transmission increases the risk of privacy violations and unsafe secret handling.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script uploads the user-provided audio file and API token to a third-party service (AudD) without any visible consent, disclosure, or trust gating in the code path. In a skill that may trigger on voice messages or natural-language requests, this increases privacy risk because potentially sensitive audio is transmitted off-device to an external processor.

External Transmission

Medium
Category
Data Exfiltration
Content
# AudD API Reference (Summary)

## Endpoint
- POST https://api.audd.io/

## Parameters (multipart/form-data)
- `file`: Audio file to identify (OGG/Opus accepted)
Confidence
89% confidence
Finding
https://api.audd.io/

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal