Album Pipeline

Security checks across malware telemetry and agentic risk

Overview

This is a coherent AI album-production workflow, but it can create many project files, run background sub-agents, and call MiniMax generation tools.

Install only if you want a full automated album workflow. Run it in a dedicated project folder, review generated prompts and lyrics before provider generation if confidentiality matters, and ensure MiniMax CLI, ffmpeg, ffprobe, and zip are trusted and configured as expected.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (15)

Vague Triggers

Severity: Medium
Confidence: 96%
Finding
The trigger phrases are extremely generic (e.g. 'album pipeline', 'AI 音乐专辑' (AI music album), '做一张专辑' (make an album)), making accidental activation plausible during ordinary conversation or documentation review. In an agent skill that orchestrates multi-phase generation, file writes, packaging, and external model invocation, unintended triggering can lead to unwanted actions and resource consumption without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The README describes automated writing, updating, transcoding, packaging, and archival of deliverables, but does not clearly warn users that local files and generated artifacts will be created or modified. In a skill designed to coordinate many sub-agents across fixed paths and packaging stages, this lack of disclosure increases the risk of unexpected filesystem changes, overwrites, clutter, or unsafe execution in sensitive workspaces.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger list is broad enough that normal conversation about making an album could activate a complex multi-phase workflow with extensive file creation and subprocess orchestration. In this skill, that matters because activation appears to lead into a pipeline that can spawn many sub-agents and eventually invoke a CLI music generator, increasing the chance of unintended execution from a loosely matched request.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The skill mandates broad write behavior across many phases and sub-agents, but the top-level description does not warn the user that invoking it may create or modify numerous files according to rigid contracts. This can cause unintended workspace changes, especially because the pipeline emphasizes autonomous phase progression and parallel agent execution.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill references MiniMax CLI-based music generation and generated media outputs, but does not clearly warn users that external tooling may be invoked and media artifacts will be produced. That omission is risky because CLI execution and artifact generation can consume resources, create unexpected outputs, and broaden the trust boundary beyond simple text editing.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger phrases are broad enough to match ordinary creative conversations, which can cause the skill to activate when the user did not intend to start a structured album-design workflow. Because this skill performs follow-on orchestration and file initialization, accidental activation can lead to unwanted workflow execution, unnecessary agent spawning, and unintended writes in the workspace.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding
The skill instructs the agent to create directories, copy templates, and modify project files, but the user-facing confirmation text does not clearly disclose that filesystem writes will occur. This undermines informed user consent and can result in unintended persistence, workspace clutter, or overwriting/modifying files under a project path the user did not explicitly approve.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The trigger phrase "Phase 5" is overly broad because it can match casual references to the workflow stage rather than an explicit request to execute the skill. In an orchestration skill that can spawn sub-agents and launch ffmpeg-based processing, accidental invocation could start unintended work, consume resources, and confuse users about what actions were authorized.

Vague Triggers

Severity: Medium
Confidence: 86%
Finding
The trigger phrase "听评选定" (listen, review and select) is ambiguous because the document describes both a listening/selection step and the larger end-to-end workflow including transcoding and verification. A user asking only to perform selection could unintentionally trigger downstream transcoding actions, causing unexpected file creation and workflow progression beyond the user's intent.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The documented ffmpeg command uses the `-y` flag, which overwrites the output file without prompting (ffmpeg's `-n` flag does the opposite and fails if the output already exists). In a skill or pipeline context, users may copy this command into automation or run it in the wrong directory, silently destroying existing outputs or prior deliverables. The surrounding document is an operational production guide, which makes this more dangerous because readers are likely to execute the command as-is.
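The two filesystem findings above (undisclosed directory creation, template copies and file modification; the `-y` overwrite in the ffmpeg command) call for the same control: collect every path the pipeline intends to touch, show the user what would be overwritten, and refuse anything that resolves outside the project folder before a single byte is written. The following is an added example, not the skill's own code; the `project/` and `deliverables/` layout, the transcode settings and the `demo()` scenario are assumptions constructed for illustration.

```python
"""Pre-flight write plan for a multi-phase album pipeline.

Added example, not the skill's own code. The directory layout
(project/, deliverables/) and the transcode settings are assumptions.
"""
import tempfile
from dataclasses import dataclass, field
from pathlib import Path


@dataclass
class WritePlan:
    """Everything the pipeline intends to touch, collected before any write."""
    root: Path
    dirs: list = field(default_factory=list)          # directories to create
    files: list = field(default_factory=list)         # files to create or replace
    overwrites: list = field(default_factory=list)    # files that already exist
    outside_root: list = field(default_factory=list)  # paths escaping the project

    def add(self, relpath: str, is_dir: bool = False) -> None:
        root = self.root.resolve()
        target = (root / relpath).resolve()
        # Refuse anything that resolves out of the project folder ("../", absolute paths).
        if not target.is_relative_to(root):
            self.outside_root.append(target)
            return
        if is_dir:
            self.dirs.append(target)
            return
        self.files.append(target)
        if target.exists():
            self.overwrites.append(target)


def plan_album_writes(root: str, track_names: list) -> WritePlan:
    """Hypothetical layout: one markdown file and one deliverable per track."""
    plan = WritePlan(Path(root))
    plan.add("project", is_dir=True)
    plan.add("project/album.md")
    plan.add("deliverables", is_dir=True)
    for name in track_names:
        plan.add(f"project/tracks/{name}.md")
        plan.add(f"deliverables/{name}.mp3")
    return plan


def transcode_command(src, dst) -> list:
    """ffmpeg argv with -n (never overwrite) in place of the -y the finding warns about."""
    return ["ffmpeg", "-n", "-i", str(src), "-codec:a", "libmp3lame", "-q:a", "2", str(dst)]


def summarize(plan: WritePlan) -> str:
    """Text to show the user before asking for approval."""
    lines = [f"Will create {len(plan.dirs)} directories and write {len(plan.files)} files under {plan.root}"]
    lines += [f"  OVERWRITE: {p}" for p in plan.overwrites]
    lines += [f"  REFUSED (outside project): {p}" for p in plan.outside_root]
    return "\n".join(lines)


def approve(plan: WritePlan, user_confirmed_overwrites: bool = False) -> int:
    """Gate: escapes are always fatal; overwrites need explicit consent. Returns file count."""
    if plan.outside_root:
        raise PermissionError(f"refusing to write outside {plan.root}: {plan.outside_root}")
    if plan.overwrites and not user_confirmed_overwrites:
        raise FileExistsError(f"{len(plan.overwrites)} existing file(s) would be overwritten")
    return len(plan.files)


def demo() -> dict:
    """Constructed scenario: a previous run left deliverables/track01.mp3 behind."""
    with tempfile.TemporaryDirectory() as tmp:
        existing = Path(tmp, "deliverables")
        existing.mkdir()
        (existing / "track01.mp3").write_bytes(b"stale")
        plan = plan_album_writes(tmp, ["track01", "track02"])
        plan.add("../escape.txt")  # a sub-agent wandering out of the project folder
        try:
            approve(plan)
            blocked = None
        except (PermissionError, FileExistsError) as exc:
            blocked = type(exc).__name__
        return {
            "files": len(plan.files),
            "overwrites": [p.name for p in plan.overwrites],
            "escapes": [p.name for p in plan.outside_root],
            "blocked_by": blocked,
            "summary": summarize(plan),
            "ffmpeg_never_overwrites": "-n" in transcode_command("a.wav", "a.mp3"),
        }


if __name__ == "__main__":
    print(demo()["summary"])
```

The plan is built with no side effects, so the summary can be shown as the skill's confirmation text; an escape outside the project root is never approvable, while overwrites require the caller to pass `user_confirmed_overwrites=True` after the user has seen the list.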

Vague Triggers

Severity: Medium
Confidence: 89%
Finding
The trigger phrases are broad and overlap with ordinary workflow language such as 'Phase 3' or '提取歌词' (extract lyrics), which can cause the skill to activate outside the intended context. In an agentic system that can spawn sub-agents and write files, unintended invocation can lead to unauthorized processing, file creation, or workflow advancement without clear user intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding
The skill instructs users to invoke MiniMax CLI to generate images from prompt files, which necessarily sends prompt contents to an external service, but it does not disclose that data leaves the local environment. This can cause unintended data exposure if prompts contain sensitive, proprietary, or personal information, especially because the workflow is designed for bulk automated submission.
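Since bulk submission sends every prompt file to the provider, the practical control is a local pre-flight scan that separates prompts safe to submit from those that carry credentials, personal data or classification markers and need review first. The following is an added example, not part of the skill; the detection patterns, the markers and the sample prompt files are constructed for illustration and should be tuned to what a given workspace actually holds.

```python
"""Pre-flight scan of prompt files before bulk submission to an external generation API.

Added example, not part of the skill. The patterns and the sample prompts are
constructed for illustration; tune the list to what your workspace actually holds.
"""
import re

# Each pattern names a class of content that should never leave the machine by accident.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "api_token": re.compile(r"\b(?:sk|api|token)[-_][A-Za-z0-9]{16,}\b", re.IGNORECASE),
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}"),
    # A shell would expand this before the text reaches the provider.
    "env_reference": re.compile(r"\$\{?[A-Z][A-Z0-9_]{2,}\}?"),
}
# Classification markers, including Chinese ones a bilingual workspace may use.
MARKERS = ("CONFIDENTIAL", "INTERNAL ONLY", "DO NOT DISTRIBUTE", "机密", "内部资料")

# Constructed sample prompt files (name -> content); not from the skill.
SAMPLE_PROMPTS = {
    "cover_01.txt": "Dreamy synthwave album cover, neon skyline at dusk, no text on the image",
    "cover_02.txt": "Match the CONFIDENTIAL brand deck from alice@example.com, muted pastel palette",
    "cover_03.txt": "Retry with the key sk-Ab12Cd34Ef56Gh78Ij90Kl12 and the same prompt as before",
    "cover_04.txt": "Liner notes background, export to $HOME/album/assets, high contrast",
}


def redact(match_text: str) -> str:
    """Keep a 4-character hint so the user can locate the finding without echoing the secret."""
    return match_text[:4] + "*" * max(len(match_text) - 4, 0)


def scan_prompt(text: str) -> list:
    """Return one finding dict per hit: {"kind": ..., "match": <redacted text>}."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for m in pattern.finditer(text):
            findings.append({"kind": kind, "match": redact(m.group(0))})
    for marker in MARKERS:
        if marker in text:
            findings.append({"kind": "marker", "match": marker})
    return findings


def preflight(prompts: dict) -> dict:
    """Split prompt files into those safe to submit and those needing review.

    Returns {"clean": [names], "blocked": {name: findings}}. Nothing is sent here;
    the caller submits only the clean set, or everything after explicit approval.
    """
    clean, blocked = [], {}
    for name, text in prompts.items():
        found = scan_prompt(text)
        if found:
            blocked[name] = found
        else:
            clean.append(name)
    return {"clean": clean, "blocked": blocked}


if __name__ == "__main__":
    result = preflight(SAMPLE_PROMPTS)
    print("submit:", result["clean"])
    for name, found in result["blocked"].items():
        print("review:", name, [(f["kind"], f["match"]) for f in found])
```

Run the scan over the prompt directory the skill generates, submit only `clean`, and show `blocked` to the user with the redacted matches; the redaction matters because the review output itself often ends up in logs or chat transcripts.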

Missing User Warnings

Severity: Low
Confidence: 85%
Finding
The skill instructs the agent to write directly to a repository file without any explicit confirmation, sandboxing, or user warning. In an agentic environment, this can lead to unintended modification of project artifacts, especially if the target file selection or surrounding workflow is ambiguous or user approval is not enforced.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding
The trigger phrases include very generic user intents such as '开始生成歌曲' (start generating songs) and 'Phase 2', which can match ordinary conversation or unrelated workflow references and cause the orchestration skill to launch unexpectedly. Because this skill spawns multiple subagents, performs file reads/writes, and continues autonomously across rounds, accidental activation can consume resources and modify project state without clear user consent.
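The seven vague-trigger findings share one remedy: treat a trigger phrase as an explicit request only when the message is the phrase itself or an imperative plus the phrase, and treat any other occurrence (a recap, a question, a README review) as a mention that needs confirmation before sub-agents are spawned or files are written. The following gate is an added example, not the skill's own trigger logic; the trigger list is drawn from the phrases quoted in the findings, and the imperative prefixes and trailing-punctuation handling are assumptions.

```python
"""Trigger gating: activate a skill only on an explicit request, otherwise ask.

Added example, not the skill's own trigger logic. The trigger list and the
imperative prefixes are assumptions drawn from the phrases quoted in the findings.
"""
import unicodedata

TRIGGERS = ("album pipeline", "Phase 2", "Phase 5", "听评选定", "提取歌词", "开始生成歌曲", "做一张专辑")
# Words that turn a mention into a request. Chinese prefixes attach without a space.
IMPERATIVES = ("run", "start", "execute", "please run", "please start", "开始", "执行", "运行", "请")
TRAILING = " .。!！?？"


def normalize(text: str) -> str:
    """NFKC (full-width digits/spaces become ASCII), casefold, drop trailing punctuation."""
    return unicodedata.normalize("NFKC", text).casefold().strip().rstrip(TRAILING).strip()


def classify(message: str, triggers=TRIGGERS) -> str:
    """Return "activate", "confirm" or "ignore".

    activate: the message is the trigger phrase itself, or an imperative plus the phrase.
    confirm:  the phrase appears inside other text (a question, a recap, a doc review),
              so the agent must ask before spawning sub-agents or writing files.
    ignore:   no trigger phrase present.
    """
    msg = normalize(message)
    hits = [normalize(t) for t in triggers if normalize(t) in msg]
    if not hits:
        return "ignore"
    phrase = max(hits, key=len)  # prefer the most specific trigger
    if msg == phrase:
        return "activate"
    for verb in IMPERATIVES:
        v = normalize(verb)
        if msg in (f"{v} {phrase}", f"{v}{phrase}"):
            return "activate"
    return "confirm"


if __name__ == "__main__":
    for m in ("Phase 5", "Run Phase 5.", "请开始生成歌曲！",
              "In Phase 5 last week we reviewed the transcoding step",
              "What does 听评选定 mean in this README?", "How is the weather"):
        print(f"{classify(m):8s} <- {m!r}")
```

The gate is deliberately conservative: anything that is not an exact phrase or imperative-plus-phrase falls to `confirm`, so the cost of a loosely matched request is one clarifying question rather than a pipeline run.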

Natural-Language Policy Violations

Severity: Medium
Confidence: 86%
Finding
The skill hardcodes a Chinese-only user-facing startup message and workflow expectations without checking the user's language preference or locale. This can mislead non-Chinese-speaking users about what actions are about to occur, reducing informed consent and increasing the chance that background agent execution begins without the user understanding the notice.

VirusTotal

63/63 vendors reported this skill as clean; none flagged it. A clean antivirus verdict does not bear on the findings above: AV engines look for known malicious code, not for over-broad triggers, undisclosed external calls, or unconfirmed filesystem writes in a skill's instructions.