Ai Songwriter
AdvisoryAudited by Static analysis on May 13, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may give the agent access to a MiniMax account key that can make API calls and potentially incur usage costs.
The skill expects a MiniMax API key and mmx CLI access for music generation. This is aligned with the stated purpose, but it is sensitive authority and the registry requirements list no required env vars or binaries.
required_environment_variables: - MINIMAX_CN_API_KEY required_commands: - mmx
Use a scoped or limited MiniMax key where possible, monitor usage, and ensure the skill metadata accurately declares the required credential and command.
The generated song file may be uploaded or sent to the current chat/channel automatically after the lyrics have been confirmed and the audio is generated.
After audio generation, the skill instructs the agent to use the message/file-delivery tool to send the generated file. This is expected for a song delivery skill, but it is an outward action users should understand.
生成完成即发送:音频文件生成后,立即发送给用户,不等用户催
Before confirming generation, verify the destination channel and ask for an additional send confirmation if the channel is shared or public.
Execution depends on whichever mmx binary is available in the user's environment.
The workflow depends on an external mmx command, but the supplied package is instruction-only and does not include a pinned install specification for that dependency.
required_commands: - mmx
Install mmx from a trusted official source, keep it updated, and consider adding explicit installation/version metadata.