Music Playlist

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The advertised command may not be installed automatically, and users should know which included script they are actually running.

Why it was flagged

The artifacts include runnable-looking scripts and SKILL.md references a `music-playlist` CLI, but no install mapping is declared. This is a setup/provenance clarity issue, not evidence of malicious behavior.

Skill content

Install specifications: No install spec — this is an instruction-only skill.
Code file presence: 2 code file(s): scripts/playlist.sh, scripts/script.sh

Recommendation

Run only inspected local files or ask the publisher for explicit install and command-mapping instructions.

What this means

Playlist entries or command arguments may be saved locally across future uses.

Why it was flagged

The script persists command history and user-added entries in local files. This is purpose-aligned for a playlist utility, but users should be aware that inputs may remain on disk.

Skill content

DATA_DIR="${MUSIC_PLAYLIST_DIR:-${XDG_DATA_HOME:-$HOME/.local/share}/music-playlist}"
...
_log() { echo "$(date '+%m-%d %H:%M') $1: $2" >> "$DATA_DIR/history.log"; }
...
echo "$(date +%Y-%m-%d) $*" >> "$DB"

Recommendation

Avoid entering sensitive personal notes into playlist entries, and clear the local music-playlist data directory if you do not want this history retained.