Back to skill

Security audit

QQ音乐转mp3技能

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward audio-to-MP3 conversion skill with one overwrite caveat users should notice before running it.

Before installing, note that directory conversion skips existing MP3 files, but the documented single-file ffmpeg command uses overwrite mode. Use the bundled script or ensure the agent asks before replacing an existing output file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation states the skill must not overwrite existing MP3 files, but the provided single-file ffmpeg command uses `-y`, which forces overwrite of the destination if it already exists. In a file-conversion skill, this can cause silent data loss by replacing a previously converted or manually edited MP3 with no confirmation.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The alias `audio to mp3` is very broad and can match many unrelated user requests outside the stated QQ Music use case. Overly generic triggers increase the chance of unintended invocation, which may lead an agent to select this skill for arbitrary audio-processing tasks and perform file operations on the wrong inputs.

Vague Triggers

Medium
Confidence
85% confidence
Finding
The alias `音频转MP3` is generic enough to attract requests unrelated to QQ Music files. In an agent ecosystem, ambiguous triggers can cause accidental skill selection and unexpected execution paths, especially when the skill performs recursive processing of user-supplied directories.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.