netease-music-assistant

Before installing or enabling this skill, ask the developer to clarify and explicitly declare the runtime requirements and permissions. Specifically: - Confirm which binaries/tools are required at runtime (ncm-cli / netease-music-cli, node, crontab) and add them to required binaries so you know what will be invoked. - Clarify how NetEase account authentication is handled: which credentials or delegated skill provide access to the user's liked songs and playlist-writing capability? If it requires your NetEase credentials or cookies, understand where those are stored and who can access them. - Confirm how IM pushes (Feishu) are authorized: which token/credential is used and where it is stored. The skill currently implies sending messages/images but declares no env vars for tokens. - Do not permit automatic crontab modifications without an explicit, granular prompt. Cron registration is persistent and system-affecting — request an explicit confirmation UI before any cron entry is written, and prefer using a user-level scheduler managed via an approved API rather than piping into crontab blindly. - Because the SKILL.md asks the agent to read/write ~/.config/ncm and to download cover images to local temp files, consider whether you trust the skill to access that data and disk space; if not, run it in a sandboxed environment or require manual review of any files to be written. If the developer cannot provide precise declarations (required binaries, credentials, and exact cron commands) or if you cannot sandbox or review cron writes, treat the skill as higher-risk and avoid granting it persistent system access.