Security audit

Music Weekly

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed music-curation workflow that writes to a user-configured Notion database and messaging channel, with some credential-handling cautions.

Install only if you are comfortable giving the skill a Notion integration key and allowing it to write music records to the configured Notion database and send recommendations to the configured channel. Prefer a dedicated Notion integration shared only with the intended page or database, avoid passing the key on the command line, keep the config file private, and double-check delivery targets before scheduling cron runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence: 91%
Finding
The setup flow performs filesystem changes and creates a Notion database, but the quick-start section frames it as a recommended one-line initialization without a prominent pre-execution warning about these side effects. In agentic environments, users may trigger setup assuming it is a harmless check, causing unintended persistent changes to local files, directories, and remote Notion resources.

Missing User Warnings

Medium
Confidence: 96%
Finding
Passing the Notion API key directly on the command line can expose the credential through shell history, process listings, audit logs, or terminal recording tools. This creates a realistic secret-handling vulnerability because anyone with local access or log visibility may recover the token and gain access to the connected Notion workspace.

Missing User Warnings

Medium
Confidence: 90%
Finding
The workflow explicitly downloads remote content and writes to local filesystem paths derived from configuration, including appending to logs and copying media files, without any user confirmation, path validation, or trust boundary checks. This is dangerous because a skill operator could unintentionally overwrite files, persist untrusted content, or fetch attacker-controlled URLs if configuration or upstream metadata is manipulated.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.