Back to skill
Skillv1.0.0
VirusTotal security
Playlistable · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:42 AM
- Hash
- dae040c01814e26db58d1eb34a697235a1a5b1de1348093d427ed14f761ff550
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: playlistable Version: 1.0.0 The skill bundle is designed to interact with the Playlistable MCP service for Spotify playlist management. All code and documentation align with this stated purpose. The `SKILL.md` provides clear instructions without any prompt injection attempts. The `scripts/auth.mjs` handles Spotify OAuth securely, opening a browser via `child_process.exec` to a controlled URL, and saving the API key locally in `config/auth.json`. The `scripts/mcp-call.mjs` makes JSON-RPC calls to the legitimate `https://mcp.playlistable.io` endpoint, handling API keys from environment variables or local configuration. There is no evidence of data exfiltration, persistence mechanisms, or other malicious activities. The use of `child_process.exec` is for a specific, necessary, and internally controlled action (opening a browser for OAuth) and does not present an arbitrary command execution vulnerability.
- External report
- View on VirusTotal