SoundCloud Watcher

Security checks across malware telemetry and agentic risk

Overview

This is a coherent SoundCloud monitoring skill, but users should protect its local secrets file and avoid printing it into chat or logs.

Install only if you are comfortable giving the plugin SoundCloud API credentials and letting it store local monitoring state. Keep `~/.openclaw/secrets/soundcloud.env` private, do not paste its contents into chat or logs, restrict file permissions where possible, and add the cron job only if you want recurring background checks.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The documentation exposes that the skill uses network and shell-capable behavior without declaring corresponding permissions, which weakens transparency and informed consent for users installing it. In an agent/plugin ecosystem, undeclared capabilities are dangerous because they can enable outbound communication and local command execution beyond what the user reasonably expects from the skill description.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 94% confidence
Finding: The documented purpose understates the skill's actual behaviors, including persistent local state management, token refresh/storage, and broader account/activity tracking than the description suggests. This mismatch is security-relevant because users may authorize the skill expecting simple notifications while it performs additional sensitive actions involving credentials, account state, and filesystem persistence.

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The README tells users to run `cat ~/.openclaw/secrets/soundcloud.env` to troubleshoot, which prints the full client secret and username to the terminal or chat transcript. In an agent-assisted environment, users may paste that output back into chat or logs, causing unintended credential disclosure.

Missing User Warnings

Medium

Confidence: 85% confidence
Finding: The instructions tell users to store SoundCloud client credentials in a local secrets file but provide no guidance on protecting that file, rotating secrets, or avoiding accidental disclosure. Handling API credentials without security warnings increases the chance of credential leakage through weak file permissions, backups, logs, or repository commits.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal