Skill v1.2.0
ClawScan security
ZeeLin Music · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 11, 2026, 3:59 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent for a paid music-generation service, but it requires you to supply your Zeelin App‑Key and instructs the agent to forward that secret to a third‑party endpoint (melodylab.top). That is plausible for billing, yet it means the secret leaves the OpenClaw environment, which raises privacy and exfiltration concerns.
- Guidance: This skill will ask you to provide your Zeelin App‑Key and will forward it to the developer's backend (melodylab.top) for generation and to skills.zeelin.cn for balance checks. That is plausible for a paid music service, but it increases risk because your secret leaves the OpenClaw environment and goes to a server the developer controls. Before installing or using it:
  1. Confirm you trust melodylab.top and the developer.
  2. Prefer a platform‑managed billing/auth flow (OAuth or a scoped token) over pasting a long‑lived key into the agent.
  3. If you must provide a key, create a limited, revocable key or test with minimal funds.
  4. Verify the privacy claims (for example, whether inputs really are not persisted) and check the developer's reputation.
  5. Monitor your Zeelin account for unexpected charges and be ready to rotate or revoke the key.
- Findings
  - [no_regexp_findings_instruction_only] expected: The static regex scanner found nothing because this is an instruction-only skill (no code files). Absence of findings is expected but not evidence of safety: all risks come from the SKILL.md runtime instructions, which require sending user secrets to external servers.
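The finding above is the reason a file-level regex scan is not enough for an instruction-only skill: the risk lives in the prose steps, not in code. The following is an added example, not ClawScan's or the skill's own code, of the instruction-level check a reviewer would actually want: split a SKILL.md into its instruction steps, collect every external host a step names, and flag hosts that appear in the same step as a user credential. The SKILL.md text in the block is constructed for the example, modelled on this review's description of the real one; the hostnames are the ones the review cites, and the credential keywords, regexes and the `trusted_hosts` set are assumptions of the example.

```python
"""Heuristic instruction-scope check for an instruction-only skill.

Added example; not ClawScan's or the reviewed skill's code. It splits a
SKILL.md into numbered/bulleted instruction steps, collects every external
host named in a step, and flags the hosts that appear in the same step as
a user credential. A per-file regex scan that only looks for hard-coded
secrets sees nothing here, because the secret is supplied at runtime.
"""
import re
from dataclasses import dataclass, field

# Constructed sample text; not the reviewed skill's actual SKILL.md.
SAMPLE_SKILL_MD = """
# ZeeLin Music
1. Ask the user for their Zeelin App-Key. This must be completed before any creation operation.
2. GET https://skills.zeelin.cn/api/balance with header X-App-Key: <App-Key> to check the balance.
3. POST the lyrics and the App-Key to https://melodylab.top/api/generate and save the returned pre_order_id.
4. Poll https://melodylab.top/api/status/<pre_order_id> until the track is ready.
5. Do not persist the user's lyrics or audio anywhere.
"""

# Words that signal a user credential is being handled in a step (assumed list).
CREDENTIAL_RE = re.compile(r"\b(app[- ]?key|api[- ]?key|token|secret|password)\b", re.I)
# Hostname of any http(s) URL that appears in a step.
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+\.[A-Za-z]{2,})")
# Numbered ("1.", "2)") or bulleted ("-", "*") instruction lines.
STEP_RE = re.compile(r"^\s*(?:\d+[.)]|[-*])\s+(.*\S)\s*$")


@dataclass
class ScopeReport:
    hosts: set = field(default_factory=set)               # every external host named
    credential_steps: list = field(default_factory=list)  # steps that handle a credential
    secret_egress: dict = field(default_factory=dict)     # host -> steps sending it a credential


def split_steps(text):
    """Return the instruction steps of a SKILL.md; headings and free prose are dropped."""
    return [m.group(1) for m in map(STEP_RE.match, text.splitlines()) if m]


def analyze(text):
    """Build a ScopeReport from SKILL.md text."""
    report = ScopeReport()
    for step in split_steps(text):
        hosts = {h.lower() for h in HOST_RE.findall(step)}
        report.hosts |= hosts
        if CREDENTIAL_RE.search(step):
            report.credential_steps.append(step)
            # A credential and a host in the same step: the agent is told to send it there.
            for host in hosts:
                report.secret_egress.setdefault(host, []).append(step)
    return report


def verdict(report, trusted_hosts):
    """'concern' plus the offending hosts when a credential is sent anywhere outside
    the trusted set (e.g. the service's own billing endpoint); 'ok' otherwise."""
    untrusted = {h for h in report.secret_egress if h not in trusted_hosts}
    return ("concern", untrusted) if untrusted else ("ok", set())


if __name__ == "__main__":
    rep = analyze(SAMPLE_SKILL_MD)
    status, offending = verdict(rep, trusted_hosts={"skills.zeelin.cn"})
    print(status, sorted(offending))
    for host, steps in sorted(rep.secret_egress.items()):
        for s in steps:
            print(f"  {host}: {s}")
```

Treating the official balance endpoint as trusted and the developer backend as not is the distinction the Instruction Scope and Credentials dimensions below draw; with that trust set the sample yields a concern for melodylab.top only. The check is a heuristic (a step that names a host and a credential on separate lines is missed), so it supplements rather than replaces reading the instructions.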
Review Dimensions
- Purpose & Capability (note): The skill's name and description (AI music generation) match the instructions (generate lyrics, call music-generation APIs). Requiring a user billing key (Zeelin App‑Key) is explainable because the service charges per generation, so requesting a key is not inherently incoherent. However, the SKILL.md has the agent send the user's App‑Key to melodylab.top (the developer's backend) rather than only to the official billing endpoint, which is an architectural choice that should be justified.
- Instruction Scope (concern): The runtime instructions explicitly require the agent to ask the user for their Zeelin App‑Key and to include it in requests to both skills.zeelin.cn (balance check) and melodylab.top (generation and deduction). The agent will therefore collect a user secret and transmit it to an external, developer-controlled server. The steps are specific and mandatory (the SKILL.md states, in Chinese, that this "must be completed before any creation operation"), which increases the risk of secret exposure or misuse.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files; nothing is written to disk by the skill package itself. This is the lowest install risk.
- Credentials (concern): Although no environment variables or system credentials are declared, the skill requires the user to provide a sensitive App‑Key at runtime. Requesting a payment/billing key can be proportionate, but forwarding that key to a third party (melodylab.top) instead of using a platform-managed, least-privilege mechanism increases risk. The SKILL.md describes no key scoping or limited-permission token, and the only protection it claims for the key in transit is the TLS statement in PRIVACY.md.
- Persistence & Privilege (ok): The skill does not request always:true, does not install persistent components, and only asks to save short-lived IDs (pre_order_id). No elevated agent privileges or cross-skill configuration changes are requested.
