Sonoscli Hardened
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed Sonos speaker-control skill with local-network commands and safety guardrails that match its stated purpose.
Before installing, be aware that the Go installer pulls the current upstream sonoscli module. Use explicit confirmation before clearing queues, changing groups, or setting high volume, and do not print Spotify credentials or send raw speaker data to external services.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.