ClawHub

Workday Music Greeting

Security checks across malware telemetry and agentic risk

Overview

The skill largely matches its stated music-and-email automation purpose, but it needs review because one configurable setting can run shell commands and scheduled use can send emails automatically.

Install only after reviewing the command and scheduling behavior. Keep MUSIC_CMD fixed to a trusted music controller, avoid shell metacharacters, use an app-specific SMTP password, verify GREETING_TO before any live run, and test with --dry-run before enabling cron.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation indicates use of environment variables for SMTP credentials and runtime behavior, but it does not declare corresponding permissions/capabilities. This creates a transparency and governance problem: users and platforms may underestimate that the skill consumes secrets from the environment, increasing the risk of unintended credential exposure or deployment in an overly privileged context.

Tp4

High
Category
MCP Tool Poisoning
Confidence
98% confidence
Finding
The documented behavior omits a critical capability: the script executes a command taken from the MUSIC_CMD environment variable via execSync. If an attacker or misconfigured environment can influence that variable, this can lead to arbitrary command execution under the agent's privileges. The IMAP/SMTP claim mismatch is mainly misleading documentation, but the undeclared command-execution behavior materially increases risk.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The script builds a shell command from the MUSIC_CMD environment variable and executes it with execSync using shell interpolation. This allows arbitrary command execution if the environment variable is modified, which exceeds the stated automation purpose of selecting a music scene and creates a direct path to host compromise.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages cron-based unattended execution that will send emails and switch music scenes automatically, but it does not prominently warn users that these side effects occur without per-run confirmation. In scheduled contexts, this increases the chance of unintended outbound email, spam-like behavior, or disruptive device actions if configuration is wrong or the schedule is broader than expected.

VirusTotal

58/58 vendors flagged this skill as clean.

View on VirusTotal