ClawHub

Trackyard

v1.0.2

Search and download licensed music from Trackyard's AI-powered catalog. Use for finding background music for videos, social content, podcasts, or any project...

0· 589·2 current·2 all-time
byBenny@benny-conn
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, required binaries (curl, jq), and required env var (TRACKYARD_API_KEY) align with a CLI that calls Trackyard's API. The script targets api.trackyard.com endpoints and only needs an API key.
Instruction Scope
SKILL.md and the script confine activity to searching, downloading, and querying account/usage via the Trackyard API. The script sends the TRACKYARD_API_KEY as a Bearer token and writes downloaded .mp3 files to the current directory. Note: some request-body construction uses raw shell string concatenation (user-supplied filters/query/IDs are embedded into JSON payloads) which can break requests or mis-handle odd input values; this is a functional/safety note but not evidence of misaligned purpose.
Install Mechanism
No install spec; this is an instruction-only skill with an included shell script. No external packages or remote downloads beyond calls to the Trackyard API are performed during use.
Credentials
Only a single credential is requested (TRACKYARD_API_KEY) and it is the primaryEnv. That is proportionate for an API-based music-download client; no unrelated secrets or config paths are requested.
Persistence & Privilege
always is false and the skill does not request or modify other skills or system-wide agent settings. It runs as-invoked and does not demand permanent elevated presence.
Assessment
This skill appears coherent with its stated purpose. Before installing: (1) confirm you trust trackyard.com and that TRACKYARD_API_KEY is a legitimate key from that service; (2) be aware the script sends your API key to api.trackyard.com (expected behavior) and saves downloaded .mp3 files to the current working directory (could overwrite files with the same name); (3) the script builds JSON payloads by inserting user input directly — avoid passing untrusted or specially crafted strings as queries/filters/IDs to prevent malformed requests; and (4) if you need stronger safety, inspect or run the script in a sandbox or review/patch input sanitization before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bbsgngbcbpyntznen4mkm1981dgx0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎵 Clawdis
Binscurl, jq
EnvTRACKYARD_API_KEY
Primary envTRACKYARD_API_KEY

Comments