Music Creator

Security checks across malware telemetry and agentic risk

Overview

The skill is a coherent AI music workflow, but it exposes and mishandles sensitive credentials and can make broad system and deployment changes without clear user control.

Install only if you are comfortable reviewing every command before it runs. Do not provide an API key through chat or let the agent run mmx auth login unless you understand where the CLI stores credentials. Remove the bundled plaintext MiniMax key, prefer a secret manager or temporary token, avoid system-wide installs where possible, and confirm the destination and visibility before any deployment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (9)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 96%
Finding:
The skill clearly performs shell execution, file reads/writes, environment use, package installation, and deployment, yet no permissions are declared. This creates a trust and review gap: the agent may perform powerful side effects without an explicit permission boundary, making accidental or unsafe execution more likely.

Context-Inappropriate Capability

Severity: Medium
Confidence: 94%
Finding:
The skill instructs the agent to perform system-wide package installs and create a symlink in a system library path. These actions exceed normal content-generation behavior and can alter the host environment, break dependencies, or require elevated privileges in ways the user may not expect.

Context-Inappropriate Capability

Severity: Medium
Confidence: 98%
Finding:
The skill asks the user for an API key and logs it into a global CLI session, which may persist credentials beyond the task and expose them to other processes or future sessions. Using a raw secret directly in shell commands also increases leakage risk through shell history, logs, or process inspection.

Description-Behavior Mismatch

Severity: Medium
Confidence: 90%
Finding:
The skill writes into another skill's workspace and triggers that skill's deployment pipeline, expanding its effective privilege and side effects beyond its own directory. Cross-skill modification increases the blast radius of mistakes and makes review, isolation, and provenance harder.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The trigger phrases include broad natural-language expressions that can overlap with ordinary conversation, increasing the chance of accidental activation. In this skill, accidental activation is more concerning because the workflow can request credentials, install software, write files, and deploy content.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The skill asks for a MiniMax API key but does not adequately warn the user that it will be used in a CLI login flow that may persist credentials. Lack of clear disclosure prevents informed consent and raises the chance of secret mishandling or unintended long-term retention.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill says it will automatically install dependencies and make system-level changes without clearly warning about package installation, privilege needs, compatibility risks, or library-path modifications. Users may unknowingly authorize changes that affect the wider machine, not just the task output.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The deployment step copies generated assets into a publishable site and syncs them outward, but the skill does not clearly warn that the content may become publicly accessible or externally distributed. This is especially important because generated songs, lyrics, and user-provided reference material may contain sensitive or copyrighted content.

Ssd 3

Severity: High
Confidence: 99%
Finding:
The skill explicitly instructs the agent to collect an API key from the user and use it directly in a command that performs persistent authentication. This is dangerous because secrets may be exposed in conversation logs, shell history, process arguments, or stored CLI config, enabling unauthorized reuse.

VirusTotal

65/65 vendors flagged this skill as clean.
