Gen Music

Security checks across malware telemetry and agentic risk

Overview

This music-generation skill is mostly coherent, but it trusts backend-provided output locations too broadly, which could make it fetch arbitrary URLs or copy local files into its output folder.

Install only if you trust the ACE-Step backend you configure. Prefer a local or trusted HTTPS endpoint, avoid private lyrics or prompts with unknown services, use a scoped API key, and inspect generated output paths before sharing or playing the files elsewhere.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 85%
Finding:
The skill documentation advertises use of Python scripts, environment variables, filesystem reads/writes, and network access, but the metadata declares only a binary requirement and no explicit permissions. This creates a transparency and consent problem: users and hosting platforms may not realize the skill can read local lyrics files, write output/manifest files, consume API keys from the environment, and contact local or remote backends.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The skill supports arbitrary `--base-url` values including remote endpoints, yet it does not prominently warn that user prompts, lyrics content, and possibly API credentials will be transmitted to that external service. In this context, the omitted disclosure is meaningful because lyrics may contain sensitive or copyrighted text, and a remote backend can retain, inspect, or misuse submitted data.

VirusTotal

66/66 vendors flagged this skill as clean.
