MusicPlaylistGen

This skill appears to implement the playlist/indexing functionality it advertises, but take these precautions before installing: - Verify the repository and author (git clone URL and commit history) before running code from an unknown source. The registry metadata shows an owner id but no homepage; confirm you trust the GitHub repo. - Understand what is sent to external services: the indexer sends file paths, metadata (tags), and constructed prompts to Anthropic or MiniMax. It does NOT upload audio files, but metadata and filenames can be sensitive. - If you are uncomfortable sending metadata to third-party LLMs, do not provide API keys. Consider running against a local/offline model or skipping the LLM enrichment step. - Review MUSIC_RULES.md and any rule changes carefully. That file is injected into system prompts; editing it can change LLM behavior and could be abused if populated with untrusted content. - When running the server, do not set MUSIC_SERVER_URL to a public IP unless you intentionally want network access. By default it listens on localhost:5678; exposing it to LAN/Tailscale will make links reachable by others. - Inspect the code (playlist_server.py, smart_indexer.py, start.sh) for any network calls and validate the endpoints. There are small inconsistencies in MiniMax endpoint strings; confirm the client libraries or HTTP calls point to the official provider domains before using your real API keys. - Run in a restricted environment (non-root user, limited network if possible) and backup the generated music.db if you value the indexing work. If you decide to proceed, supply API keys only temporarily and consider rotating keys later. If you want, I can: (1) produce a short checklist of exact files and lines to inspect for network calls, (2) highlight the parts of the code that construct prompts and what metadata they include, or (3) suggest safer configuration options (local LLM, binding to localhost, firewall rules).