Save To Spotify

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its Spotify audio-production purpose, but it relies on OAuth credentials and recommends a high-trust remote installer that should be reviewed before use.

Install only if you are comfortable giving the Spotify CLI access to your account and letting the agent upload or delete Spotify show/episode data. Prefer a manually downloaded, version-pinned release over `curl | bash`, avoid printing tokens in shared logs, and do not use cloud TTS or image providers for confidential scripts or source material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill claims sourcing is 'Read-only. Always.' but elsewhere directs the agent to install software, authenticate, upload media, modify shows/episodes, and set timelines. This contradiction can mislead safety systems or operators about the true side effects of running the skill, increasing the chance that write actions occur without appropriate review or sandboxing.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document recommends multiple cloud TTS providers and even suggests default selection prompts, but it does not clearly warn that user-provided text may be transmitted to third-party services for processing. In this skill's context, the content may include unpublished scripts, copyrighted text, or sensitive material, so omission of a disclosure can cause privacy, confidentiality, or compliance issues when the agent sends text off-device.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The verification section tells the agent to check for local tools and says to offer installation if they are missing, but it does not constrain environment modification or require explicit user approval before changing the system. In an agent skill, that can normalize execution of install commands that alter the host, introduce supply-chain risk, or violate least-privilege expectations, even if the intent is operational convenience rather than abuse.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation exposes destructive `shows delete` and `episodes delete` operations without an explicit warning that deletion is irreversible. In an agent-oriented CLI, this increases the chance of accidental data loss because users or automation may invoke deletion based on examples alone.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The authentication section documents storage of OAuth tokens on disk and includes a command that prints the access token to stdout, but it does not clearly warn about credential exposure through shell history, logs, process capture, or shared terminals. In agent and CI environments, stdout-token handling is especially risky because tokens can be harvested and reused against Spotify APIs.

Missing User Warnings

Low
Confidence
81% confidence
Finding
The skill performs automatic network fetches for fonts and CDN artwork without explicit user notice, which can leak operational metadata such as IP address, timing, topic-derived usage patterns, and environment behavior to third-party endpoints. In an agent environment, silent outbound requests are security-relevant because they expand the trust boundary and may violate user or platform expectations around offline processing.

External Script Fetching

High
Category
Supply Chain
Content
### One-line install (recommended)

```shell
curl -fsSL https://saveto.spotify.com/install.sh | bash
```

Detects OS and architecture, downloads the binary from GitHub Releases, verifies the SHA256 checksum, and installs to `/usr/local/bin` (or `~/.local/bin` if not writable).
Confidence
98% confidence
Finding
curl -fsSL https://saveto.spotify.com/install.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
```shell
# Specific version
curl -fsSL https://saveto.spotify.com/install.sh | bash -s -- --version 0.1.1

# Custom directory
curl -fsSL https://saveto.spotify.com/install.sh | bash -s -- --dir ~/.local/bin
```
Confidence
98% confidence
Finding
curl -fsSL https://saveto.spotify.com/install.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
```shell
curl -fsSL https://saveto.spotify.com/install.sh | bash -s -- --version 0.1.1

# Custom directory
curl -fsSL https://saveto.spotify.com/install.sh | bash -s -- --dir ~/.local/bin

# Via environment variables
SAVE_TO_SPOTIFY_VERSION=0.1.1 SAVE_TO_SPOTIFY_INSTALL_DIR=~/.local/bin \
```
Confidence
98% confidence
Finding
curl -fsSL https://saveto.spotify.com/install.sh | bash

External Script Fetching

High
Category
Supply Chain
Content
```shell
# Via environment variables
SAVE_TO_SPOTIFY_VERSION=0.1.1 SAVE_TO_SPOTIFY_INSTALL_DIR=~/.local/bin \
  curl -fsSL https://saveto.spotify.com/install.sh | bash
```

### Download a binary manually
Confidence
98% confidence
Finding
curl -fsSL https://saveto.spotify.com/install.sh | bash

Chaining Abuse

High
Category
Tool Misuse
Content
### One-line install (recommended)

```shell
curl -fsSL https://saveto.spotify.com/install.sh | bash
```

Detects OS and architecture, downloads the binary from GitHub Releases, verifies the SHA256 checksum, and installs to `/usr/local/bin` (or `~/.local/bin` if not writable).
Confidence
97% confidence
Finding
| bash

Chaining Abuse

High
Category
Tool Misuse
Content
```shell
# Via environment variables
SAVE_TO_SPOTIFY_VERSION=0.1.1 SAVE_TO_SPOTIFY_INSTALL_DIR=~/.local/bin \
  curl -fsSL https://saveto.spotify.com/install.sh | bash
```

### Download a binary manually
Confidence
97% confidence
Finding
| bash

VirusTotal

65/65 vendors flagged this skill as clean.
