Roon Controller

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it controls a local Roon player and saves a local Roon token so it can reconnect later.

Install this only if you want the agent to control your Roon playback. Keep ~/clawd/roon_config.json private because it contains a Roon authorization token, consider setting user-only permissions on that file, and revoke the extension in Roon if you stop using the skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 94%
Finding: The skill documentation indicates local file read/write behavior by saving persistent configuration and authorization data to `~/clawd/roon_config.json`, but no corresponding permissions are declared. Undeclared storage capability weakens transparency and consent, making it easier for users or platforms to underestimate the skill's access to local data and persistent credentials.

Missing User Warnings

Low
Confidence: 90%
Finding: The skill states that a Roon authorization token is automatically saved locally and reused across restarts, but it does not clearly warn about persistent credential storage risks. If the file is readable by other local users, backup systems, or malware, the token could be exposed and used to control the user's Roon environment without reauthorization.

Missing User Warnings

Medium
Confidence: 91%
Finding: The skill writes the Roon API token to a local JSON config file in the user's home directory without any access controls, permission hardening, encryption, or user disclosure. If another local user, process, backup system, or malware can read that file, the token could be reused to control the user's Roon Core and expose playback metadata or modify playback state.

VirusTotal

66/66 vendors flagged this skill as clean.
