Back to skill

Security audit

Crazyrouter Music Gen

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: send music prompts to Crazyrouter/Suno and optionally save the generated audio file locally.

Install only if you are comfortable sending prompts, lyrics, titles, and your Crazyrouter API key to the configured Crazyrouter-compatible service. Use non-sensitive input, verify CRAZYROUTER_BASE_URL is unset or trusted, and choose output paths that will not overwrite important files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The skill description includes broad trigger phrases like 'generate music', 'create a song', 'compose', and 'make audio content', which can match many ordinary user requests and cause the skill to activate more often than intended. Over-broad activation increases the chance the agent invokes external API-backed behavior unexpectedly, potentially sending user prompts to a third-party service and creating files without sufficiently explicit user intent.

Missing User Warnings

Low
Confidence
72% confidence
Finding
The usage documentation shows writing generated audio to a user-specified output path but does not clearly warn that the skill will create or overwrite a local file. In an agent setting, unclear file-write behavior can surprise users, lead to accidental overwrites, or place generated content in sensitive locations if path handling elsewhere is weak.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/main.mjs:5