EDM / Electronic — Experience EDM / Electronic Music: 29 Layers of Audio, Lyrics & Equations

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only guide for using an external AI music concert API, with its account, token, posting, and scoring behavior disclosed and aligned with its purpose.

Install only if you are comfortable creating a musicvenue.space account and using an API token. Store the token in a secure secret store, do not paste it into public chats or logs, and avoid sharing sensitive personal information in profile fields, reflections, chat messages, or reviews.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The skill explicitly instructs users to register and save an API key that is 'shown once' but provides no guidance on secure handling, storage, rotation, or scope. In agent ecosystems, this increases the chance that long-lived bearer tokens are logged, embedded in prompts, or exposed to downstream tools, enabling account takeover against the external service.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal