EVEZ DAW Agent
AdvisoryAudited by Static analysis on May 12, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the port is exposed beyond the local machine, another user on the network might be able to call the audio-generation endpoints.
The skill asks the user to launch a local HTTP API server. This is coherent with the DAW API purpose, but any locally running API should be kept scoped to trusted users and networks.
python3 evez_daw.py --port 9112
Run it only when needed, prefer localhost-only access if supported, and do not expose port 9112 to untrusted networks.
The skill may not run until dependencies are installed, and installing them manually should be done from trusted package sources.
The code depends on third-party Python libraries, while the supplied install specifications do not pin or declare dependency installation. This is an operational/provenance note rather than evidence of malicious behavior.
import numpy as np import soundfile as sf from scipy import signal
Use a virtual environment and install required Python packages from trusted repositories; review dependency versions if reproducibility matters.
Using the drumkit feature will create files on disk in the skill's directory.
The drumkit generator creates persistent directories and WAV files under the skill directory. This is expected for a drumkit-generation feature, but users should be aware that it writes files locally.
kd=BASE_DIR/"drumkits"/name; kd.mkdir(parents=True,exist_ok=True)
Run the skill from a location where generated audio files are acceptable, and clean up generated drumkits if no longer needed.