Apple Music
PassAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed Apple Music control guide, but it can run AppleScript and change your music library or playlists, so review actions before allowing edits.
This skill appears purpose-aligned for controlling Apple Music. Before installing or using it, be aware that it can issue AppleScript commands on macOS and can make lasting changes such as playlist deletion, track removal, library additions, ratings changes, or metadata edits. Use MusicKit tokens only if needed, protect them like credentials, and confirm any destructive or bulk changes first.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may control Apple Music playback or query the current track through local AppleScript commands.
The macOS integration uses shell-invoked AppleScript to control the local Music app. This is disclosed and central to the skill's purpose, but users should notice that local automation commands may be run.
Run via Bash: osascript -e 'tell application "Music" to playpause'
Use this path only when you intend local Music app automation, and review generated AppleScript before allowing commands that change library data.
If allowed, the agent could make lasting changes to playlists or track metadata in the user's Music library.
The documented operation set includes destructive or persistent mutations such as deleting/renaming playlists, removing tracks, and editing track metadata. These actions are purpose-aligned for Apple Music management but should be user-directed.
Playlists | list, create, delete, rename, add tracks, remove tracks, get tracks ... Track Properties (Writable) ... set name of t to "New Name"
Require clear user intent and confirmation before destructive, bulk, or hard-to-reverse library and playlist changes.
Supplying MusicKit tokens can allow Apple Music library access through the API if used in that workflow.
The optional MusicKit API path requires Apple developer/account tokens for library access. This is expected for the integration, but it is still account-level authority that users should protect.
MusicKit API ... Setup required | Dev account + tokens ... Library access | Instant | With tokens
Use the least-privileged tokens available, avoid sharing or logging them, and confirm what library actions will be performed before authorizing API use.