Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ultimate Music Manager

v1.0.1

Organises a messy local music library into a clean Language/Artist/Album hierarchy using acoustic fingerprinting, deduplication, metadata enrichment, and opt...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description match what the skill asks for: it operates on a local MUSIC_ROOT and needs Python 3.12 and git to set up and run the pipeline. Optional env vars (Spotify credentials, FFmpeg path, data dir, etc.) align with the described optional features (Spotify sync, non‑MP3 decoding, token cache).
Instruction Scope
Runtime instructions direct the agent (and user) to run a sequence of local scripts that read and reorganize files under MUSIC_ROOT, produce JSON artifacts, and optionally call Shazam/Apple/Spotify APIs. The instructions also suggest adding a PreToolUse hook that relies on the CLAUDE_TOOL_INPUT environment variable — that is outside the skill's declared env list but is part of the hook mechanism; the hook script shown only prints warnings. The pipeline includes separate destructive utilities (05D, 05F, total_scrub, absolute_zero_sort) but marks them as opt‑in and provides a safety‑guard hook.
Install Mechanism
No arbitrary downloads or extract/install steps in the skill bundle. The SKILL.md recommends cloning the repo from GitHub (a normal release host). The package is instruction‑first with included scripts; the lack of an install spec is somewhat redundant (scripts are bundled but instructions still tell the user to git clone), but this is explainable and not inherently risky.
Credentials
Only one required environment variable (MUSIC_ROOT) is requested; other env vars are optional and correspond to optional features (Spotify OAuth credentials for sync, SHAZAM_CONCURRENCY, FFmpeg binary override, etc.). The safety hook references CLAUDE_TOOL_INPUT but that is a hook input rather than a secret the skill demands. No unrelated credentials (AWS, cloud provider keys, or broad secrets) are requested.
Persistence & Privilege
The skill is not always:true and does not auto‑enable itself. It does instruct the user to enable a PreToolUse hook (via editing .claude/settings.json or openclaw hooks enable) — enabling that hook will cause the included shell script to run on future PreToolUse events. That is a user action and not automatic, but it does grant the skill code the ability to run on agent tool invocations once enabled. The hook itself appears to be a benign safety prompt.
Assessment
This skill appears to be what it says: a local music‑library pipeline that fingerprints, deduplicates, enriches metadata, and optionally syncs to Spotify. Before installing or running it:

1. Backup your music folder (MUSIC_ROOT) or test on a copy — the pipeline moves files and there are separate destructive utilities (opt‑in) even though the canonical pipeline claims not to delete files.
2. Inspect config.py and the bundled scripts yourself — scripts are executed locally and will read/write under MUSIC_ROOT and the DATA_DIR.
3. Run scripts in a virtualenv per the README and use preflight.sh and --dry-run modes first.
4. Only provide Spotify credentials if you intend to use Phase 6; OAuth tokens are cached locally.
5. Be careful when enabling the suggested hook: enabling it modifies your agent hook configuration and will execute the provided shell script on PreToolUse events — review the hook code and enable it only if you trust it.
6. Note the minor oddity that the package bundles scripts but also instructs you to git clone the repo — this is not dangerous but redundant; you can inspect/compare the bundled files before cloning.

If you want additional assurance, share config.py or any other script you're unsure about and I can re-check for hidden network calls, writes outside MUSIC_ROOT, or suspicious behavior.



Runtime requirements

Bins: python3.12, git
Env: MUSIC_ROOT
Primary env: MUSIC_ROOT
