EVEZ DAW Agent
Pass
Audited by ClawScan on May 12, 2026.
Overview
The skill appears to be a local music-generation server whose code and documentation mostly match, with ordinary cautions about running a local API and undeclared Python dependencies.
This looks like a local audio-generation tool rather than a malicious skill. Before installing, be aware that it runs a local Python server, may require manually installed Python libraries, and will create generated WAV files. Do not expose the server port to untrusted networks, and only process audio files you are comfortable using with this local tool.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the port is exposed beyond the local machine, another user on the network might be able to call the audio-generation endpoints.
The skill asks the user to launch a local HTTP API server. This is coherent with the DAW API purpose, but any locally running API should be kept scoped to trusted users and networks.
python3 evez_daw.py --port 9112
Run it only when needed, prefer localhost-only access if supported, and do not expose port 9112 to untrusted networks.
The skill may not run until dependencies are installed, and installing them manually should be done from trusted package sources.
The code depends on third-party Python libraries, while the supplied install specifications do not pin or declare dependency installation. This is an operational/provenance note rather than evidence of malicious behavior.
import numpy as np
import soundfile as sf
from scipy import signal
Use a virtual environment and install required Python packages from trusted repositories; review dependency versions if reproducibility matters.
Using the drumkit feature will create files on disk in the skill's directory.
The drumkit generator creates persistent directories and WAV files under the skill directory. This is expected for a drumkit-generation feature, but users should be aware that it writes files locally.
kd=BASE_DIR/"drumkits"/name; kd.mkdir(parents=True,exist_ok=True)
Run the skill from a location where generated audio files are acceptable, and clean up generated drumkits if no longer needed.
