Back to skill

Security audit

Text to Song

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward MakebestMusic text-to-music skill that uses a configured API key to send song prompts and check generation status, with no hidden persistence or unrelated local data access found.

Install only if you are comfortable sending song descriptions and generation identifiers to MakebestMusic using your MakebestMusic API key. Avoid putting sensitive personal or proprietary information in prompts, use a dedicated/revocable key where possible, and do not set MBM_API_BASE unless you intentionally trust an alternate endpoint.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger phrases are broad and overlap with ordinary conversation such as 'create a song', 'generate music', or 'write a melody', which can cause the skill to activate unexpectedly. Unintended invocation matters here because activation leads to use of an API key and transmission of user prompts to an external service.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The status and generation sections instruct the agent to send prompts and music identifiers to MakebestMusic, but the skill does not clearly warn users that their descriptions and task IDs are shared with a third-party service. This creates a privacy and consent issue, particularly if users include personal, proprietary, or sensitive content in song prompts.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script sends the user-provided music prompt along with a bearer-authenticated request to an external service, but the code contains no disclosure, consent, or minimization controls around that data transfer. In a skill context, users may reasonably assume their prompt is handled locally by the agent, so undisclosed transmission can expose sensitive or proprietary text to a third-party provider and create privacy/compliance risk.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/generate.js:3

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/query.js:3