sense-music

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, purpose-aligned audio analysis tool with normal privacy and supply-chain cautions but no artifact-backed malicious behavior.

Install only if you are comfortable with the Python package and its audio/ML dependencies. Analyze only audio files or URLs you have permission to process, and review or delete generated transcripts, HTML, JSON, and image exports if the audio may contain private speech, copyrighted material, or personal information.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The skill explicitly supports lyric transcription and analysis of audio from URLs, but the documentation does not warn operators that uploaded or fetched audio may contain sensitive speech, copyrighted material, or personal information. Even if processing is local, this capability can expose private content through local caching, generated exports, logs, or accidental analysis of remote resources, so the missing privacy guidance is a real documentation security gap.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal