Music Playlist
PassAudited by ClawScan on May 1, 2026.
Overview
The skill appears locally scoped and benign, though its helper scripts can store playlist entries/history on the device and its CLI install path is not fully specified.
This skill looks safe for local music playlist assistance. Before installing, confirm how the `music-playlist` command is wired to the included scripts, and remember that some commands may save entries and history under a local music-playlist data directory.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The advertised command may not be installed automatically, and users should know which included script they are actually running.
The artifacts include runnable-looking scripts and SKILL.md references a `music-playlist` CLI, but no install mapping is declared. This is a setup/provenance clarity issue, not evidence of malicious behavior.
Install specifications: No install spec — this is an instruction-only skill. Code file presence: 2 code file(s): scripts/playlist.sh, scripts/script.sh
Run only inspected local files or ask the publisher for explicit install and command-mapping instructions.
Playlist entries or command arguments may be saved locally across future uses.
The script persists command history and user-added entries in local files. This is purpose-aligned for a playlist utility, but users should be aware that inputs may remain on disk.
DATA_DIR="${MUSIC_PLAYLIST_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/music-playlist}" ... _log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; } ... echo "$(date +%Y-%m-%d) $*" >> "$DB"Avoid entering sensitive personal notes into playlist entries, and clear the local music-playlist data directory if you do not want this history retained.