ClawHub
Back to skill

Security audit

Home Music

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed local Mac music-control skill for Spotify and Airfoil, with practical cautions about broad voice triggers and a manual sudo symlink.

Install only on a Mac where you intentionally want assistant or terminal commands to control Spotify and Airfoil speakers. Prefer explicit commands like home-music party or home-music stop, review the speaker names and playlist IDs first, and skip the sudo symlink unless you want the command available system-wide.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are broad, generic, and closely match normal user requests about music, which increases the chance this skill activates unintentionally. In a home automation context, unintended activation can cause disruptive playback across multiple speakers and override user intent, especially because the skill supports whole-house scenes and stop/fade commands.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The example voice invocations are conversational and ambiguous enough to overlap with ordinary assistant requests, making accidental routing to this skill more likely. Because this skill controls Spotify and Airfoil speaker routing, a misfire could change music state or speaker output unexpectedly throughout the house.

Shadow Command Trigger

Medium
Category
Trigger Abuse
Confidence
97% confidence
Finding
The trigger 'stop music' conflicts with common built-in assistant semantics around stopping playback, creating a shadowing risk where the skill may intercept a standard control request. In this skill, interception is more dangerous because the action affects multiple speakers and external apps, so a user trying to issue a simple global stop could instead invoke custom automation behavior.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.