Security audit
Wayne Sonoscli
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Sonos speaker control helper with disclosed local-network device commands and no hidden execution logic in the artifact.
Install only if you trust the upstream Go-based sonos CLI. Review the external module if you need stronger supply-chain assurance, confirm speaker names before issuing playback, volume, grouping, or queue-clearing commands, and keep optional Spotify client secrets out of prompts and logs.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
63/63 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
