Music Library Organizer / 音乐库整理

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned for organizing a music library, but its bundled scripts can bulk-move local media files with weaker enforced safeguards than the skill promises.

Review before installing if you expect strong safety guarantees. Run only dry-run modes first, inspect the generated CSV/log output, avoid using --apply until you have confirmed the exact source and target paths, and be aware that recovery may require manual moves from backup/trash directories rather than a fully reliable scripted rollback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Low (96% confidence)
Finding
The README documents the orphan-lyrics cleanup backup path as `_已删除_孤儿歌词_<时间戳>/`, but the restore script description says it restores from `_trash_orphan_lyrics_<时间戳>/`. That inconsistency can break recovery during an incident and may cause operators to believe deleted lyrics are recoverable when the documented restore flow cannot actually find the moved files.

Description-Behavior Mismatch

High (97% confidence)
Finding
When run with --apply, the script immediately moves files based on a hard-coded list without any interactive owner confirmation, approval token, or external signed plan check. In a file-management skill that explicitly promises mandatory confirmation and safe-by-default handling, this creates a real risk of unauthorized or mistaken modification of a user’s media library, even though the action is a soft-delete rather than permanent deletion.

Description-Behavior Mismatch

Medium (82% confidence)
Finding
The script embeds a precomputed duplicate list and directly acts on it, but does not implement the broader scan, planning, verification, and cleanup workflow promised by the skill metadata. This mismatch is dangerous because operators may trust the manifest's safeguards and assume the script includes review and validation steps that are actually absent, increasing the chance of incorrect file moves from stale or wrong inventory data.

Description-Behavior Mismatch

High (98% confidence)
Finding
The skill metadata promises a safety workflow with owner confirmation and soft-delete, but the implementation performs immediate `shutil.move` operations when `--apply` is used. In a file-organizer context this mismatch is dangerous because a user may trust the manifest's safety claims and trigger bulk relocation or backup moves without the advertised review gate, causing large-scale unintended data movement or apparent data loss.

Description-Behavior Mismatch

Medium (94% confidence)
Finding
The script performs immediate in-place file moves inside the music library when invoked with --apply, without implementing the skill's advertised soft-delete, verification, or staged cleanup safeguards. Although it does prompt for a coarse command-line confirmation, that is much weaker than per-change owner confirmation and creates a real risk of unintended bulk modifications or lyric misplacement across the library.

VirusTotal

VirusTotal findings are pending for this skill version.
