lx-music-assistant

Pass. Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: lx-music-assistant
Version: 1.0.5

The skill bundle provides a legitimate interface for controlling the LX Music desktop application, but it contains a command injection vulnerability in `cli/lx-music-cli.js`. Specifically, the `listsongs` and `listplay` commands interpolate the user-provided `listId` argument (and the database path) directly into a `child_process.execSync` command string, without validation, when calling the helper script `cli/list.py`. Although the code is clearly intended for music management and includes some defensive measures, such as protocol allow-listing for scheme URLs, this flaw allows a crafted playlist ID to execute arbitrary system commands under the user's account.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious playlist ID or database path supplied through a prompt or copied command could run unintended local shell commands under the user's account.

Why it was flagged

The CLI invokes a shell command built from template strings that include the playlist ID and database path arguments. execSync runs through a shell by default, so crafted values can become command execution rather than just a playlist lookup. Wrapping the values in double quotes does not help: a `"` inside the value terminates the quoted argument, and whatever follows is parsed by the shell as further commands.

Skill content
const result = execSync(`python "${scriptPath}" songs "${listId}" --db "${dbPath}"`, { encoding: 'utf-8', timeout: 10000 });
Recommendation

Replace the execSync string commands with execFile/execFileSync or spawn using an argument array (no shell), and validate playlist IDs and database paths against an allow-list before use.

What this means

The agent can change what is playing, adjust volume, and modify favorites/dislikes in LX Music when invoked.

Why it was flagged

The skill can control playback, change volume, wake the desktop app, and favorite/unfavorite songs. This is disclosed and aligned with the music-control purpose, but it is still user-impacting tool authority.

Skill content
Supports: searching for songs and waking the app, play/pause/skip, volume adjustment, viewing playback status and lyrics, favoriting songs, and local playlist queries.
Recommendation

Use the skill only for explicit music-control requests and review commands that change favorites, dislikes, or volume.

What this means

Your local playlists and song names may be read and reported by the agent.

Why it was flagged

The helper reads LX Music's persistent local database to list playlists and songs. This is disclosed and purpose-aligned, but it exposes private music library information to the agent's response context.

Skill content
return os.path.join(base, "lx-music-desktop", "LxDatas", "lx.data.db") ... c.execute("SELECT id, name, source, sourceListId FROM my_list ORDER BY position")
Recommendation

Only request playlist queries if you are comfortable sharing that local music-library information in the chat context.

What this means

It is harder to verify the origin of the helper code or know in advance that local runtimes are needed.

Why it was flagged

The registry metadata provides no upstream source/homepage and does not declare runtime binaries, even though the skill includes JS/Python helpers and documents node-based CLI use.

Skill content
Source: unknown; Homepage: none; Required binaries (all must exist): none
Recommendation

Inspect the bundled helper files before installing; the publisher should declare node/python runtime needs and provide a verifiable source.