Back to skill

Security audit

Song Translation Expert

Security checks across malware telemetry and agentic risk

Overview

This is a coherent lyrics translation skill, with some non-security cautions around copyrighted lyric examples, Chinese-default behavior, and fixed file-output documentation.

Install only if you want a Chinese-focused lyrics translation assistant. Be aware it may look up lyrics or reference translations when given only a song name or URL, and the bundled examples include substantial copyrighted lyrics. For file outputs, explicitly choose the save location and avoid relying on the documented /home/z path.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
87% confidence
Finding
The skill documents file-reading and file-writing behavior via helper scripts and file-generation workflows, but no declared permissions are present. This creates a capability/permission mismatch that can lead to unintended filesystem access or execution in environments that rely on explicit permission declarations for policy enforcement.

Context-Inappropriate Capability

Low
Confidence
85% confidence
Finding
The README discloses a hard-coded absolute local filesystem path (`/home/z/my-project/download/lyrics_collection/all_songs.json`) and recommends using it as a reference source. Even though this is only documentation, it leaks environment-specific information and may encourage downstream components or maintainers to access data outside the skill package boundary, which can normalize unsafe file access patterns.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The corpus contains long, recognizable excerpts of copyrighted lyrics plus corresponding translations from many commercially released songs. For a translation skill, embedding substantial reproductions of protected content creates an avoidable content-exfiltration and copyright-infringement risk because the model can be induced to regurgitate or closely transform those stored passages rather than perform fresh user-provided translation.

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
The document requires all generated files to be saved to a fixed local path, regardless of user intent or runtime environment. Hard-coded write locations can cause unauthorized disk writes, accidental overwrites, privacy issues, and unsafe coupling to a host filesystem, especially for a skill whose primary purpose is text translation rather than local file operations.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger conditions are broad enough to activate on generic song-related discussion, causing the skill to take over requests that may only need metadata lookup or interpretation. Overbroad activation can misroute user intent, unnecessarily invoke web/file tooling, and increase exposure to copyrighted-content retrieval or unwanted data handling paths.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The distinction between mandatory and recommended activation remains unclear for explanation-style requests such as asking about a song's meaning or story. This ambiguity can cause the skill to activate when the user wanted analysis rather than translation, leading to unnecessary transformation of content and incorrect tool selection.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The document hard-codes Chinese as the required target style/output for English song translation without clearly preserving user choice of language or output mode. In an agent setting, this can override user intent, cause incorrect handling of requests for other target languages or formats, and create prompt-steering behavior where the skill imposes its own output constraints over the user’s instructions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Mandating disk writes to /home/z/my-project/download/ without warning or consent creates a silent side effect outside the expected chat-only translation workflow. This can leak sensitive content into persistent storage, violate least surprise, and become more dangerous if the environment grants broader filesystem access or if generated filenames collide with existing files.

Natural-Language Policy Violations

Medium
Confidence
92% confidence
Finding
The document contains a blanket rule to translate content into Chinese, which can override or bias the assistant's response format without explicit confirmation from the user. In a skill system, hard-coded output-language mandates can cause instruction-priority conflicts and make the agent ignore user preference or higher-level policy expectations.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.