Skill v1.0.6

ClawScan security

Release · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 26, 2026, 5:14 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime instructions are consistent with an AI music-generation assistant: it stores a local token, talks to a single named API (skill-api.muse.top), and persists minimal state under ~/.muse — nothing in the package indicates it is doing unexpected remote exfiltration or deceptive behavior, but there are privacy-related design choices you should be aware of before installing.
Guidance
What to check before installing:

- Understand the auth flow: the skill asks users to paste a JWT-like token into the chat to register/verify; avoid pasting long-lived or sensitive tokens into conversation logs if you want them private. Consider creating a dedicated/throwaway account or short-lived token for use with this skill.
- Backend domain: all network calls go to https://skill-api.muse.top (consistent across scripts). If you plan to use this skill, review that domain and the hosted service's privacy policy before giving credentials.
- Local device fingerprinting: the skill computes a device id from hostname/MAC/username, hashes it, stores it in ~/.muse/device_id, and sends the hash as X-Device-Id. This is used server-side for dedup/rate-limiting but is a fingerprinting vector; be aware if you need stronger anonymity.
- Inspect files before running install: the included install.sh copies files into CLI skill directories and creates ~/.muse. You can open and audit scripts locally (they use only Python stdlib and urllib). Run install in a controlled environment or sandbox if you have doubts.
- Removal: uninstall removes the skill directory but leaves ~/.muse (install.sh documents how to fully delete the data: rm -rf ~/.muse).
- If you are privacy-sensitive, either avoid pasting tokens into chat, use a dedicated/limited account, or ask the skill author for an OAuth/browser-based flow that avoids pasting secrets into conversation logs.

Overall: the package appears internally coherent with its stated purpose; the main concerns are privacy-sensitive choices (token pasted into chat, local device fingerprinting) rather than evidence of malicious behavior.

Review Dimensions

Purpose & Capability: ok

The skill's declared purpose (dialog-driven music/song/BGM generation) matches the included scripts and SKILL.md: scripts call a single backend (https://skill-api.muse.top) for styles, lyrics, generation and polling. Persisting a token, task_id and device_id under ~/.muse is coherent with needing login and asynchronous task tracking. No unrelated cloud credentials, binaries, or system config paths are requested.
Instruction Scope: note

Runtime instructions direct the agent to cd into the skill directory and run the included Python scripts (member-info, generate, query). They also implement a flow that asks the user to paste a JWT-like token into the chat (detected by messages starting with 'eyJ'), which the scripts then verify and save to ~/.muse/token. Running those scripts and reading/writing ~/.muse files is expected, but prompting users to paste an auth token into the chat means secrets will appear in the conversation stream unless the agent/user takes care to avoid logging; this is a privacy/usability concern rather than an incoherence.
Install Mechanism: ok

There is an install.sh included which copies the provided files into a skill directory for supported CLIs; it does not download arbitrary code from unknown servers during install. README suggests a git clone URL, but the packaged install script as provided is local and performs file copies, Python checks, and basic migration. No extract-from-remote or URL-shortener downloads were found in the install script.
Credentials: concern

The skill requests no environment variables, but it does read system identifiers (hostname, MAC via uuid.getnode(), and login) to generate a persistent device id which it stores in ~/.muse/device_id and sends as X-Device-Id to the service. While the code hashes these values before storage/transmission, collecting MAC/username is privacy-sensitive and could be used to fingerprint a device. The workflow also asks users to paste an auth token into chat; exposing credentials in conversational logs is a real risk. These behaviors are explainable for the service but are proportionally sensitive and worth considering.
Persistence & Privilege: note

The skill persists its own state (token, device_id, task_id) under ~/.muse and installs files into a skill directory; it does not request always:true, does not alter other skills, and does not require elevated system privileges. Persistent storage of an auth token and device fingerprint is expected for a logged-in service but increases the persistent blast radius if the local environment or skill files are compromised.