Music Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward Music Assistant controller; its main risk is careful handling of the required access token.

Install only if you want the agent to control your Music Assistant server. Treat MA_TOKEN like a password: do not share it, commit it, paste it into screenshots/logs, or use it on untrusted networks; rotate it if exposed. Prefer HTTPS or a trusted local network for authenticated requests, and set MA_PLAYER when you want to avoid controlling the wrong device.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill instructs users to obtain and export a long-lived bearer token but does not warn that it is a sensitive credential equivalent to account access. This increases the chance of accidental exposure through shell history, screenshots, logs, shared terminals, or copied examples, which could let an attacker control the user's Music Assistant instance.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The direct API example sends an Authorization bearer token to an HTTP endpoint, which exposes the token and API traffic to interception or manipulation on any untrusted network path. A stolen long-lived token could allow unauthorized playback control and potentially broader access depending on server permissions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal