Monochrome Music
v1.0.0Browse and search music from monochrome.tf (Tidal-based Hi-Fi streaming). Search for artists, albums, tracks, and get streaming URLs. Use for music discovery...
⭐ 0· 31·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description (browse and stream from monochrome.tf) matches the SKILL.md endpoints and example curl usage. The skill does not request unrelated credentials, binaries, or system access.
Instruction Scope
SKILL.md only instructs the agent to call HTTP GET endpoints on the listed instances and parse JSON responses. It does not ask the agent to read local files, environment variables, or other system state.
Install Mechanism
No install spec or code files are present (instruction-only). No files are written to disk by the skill itself, which minimizes installation risk.
Credentials
The skill requires no environment variables or credentials. That is coherent if the Monochrome API instances are public, but some endpoints (or genuine Tidal access) might normally require authentication—absence of credentials should be verified against the API's real behavior. Also the SKILL.md references community domains (spotisaver.net, geeked.wtf) whose trustworthiness is unclear.
Persistence & Privilege
The skill does not request persistent presence, special agent privileges, or modifications to other skills/configs (always:false, no installs). Autonomous model invocation is allowed but that is the platform default.
Assessment
This skill is internally coherent: it tells the agent how to call a Monochrome/Tidal-proxy API and does not ask for credentials or local file access. Before installing, verify the primary instance (https://eu-central.monochrome.tf) and the listed community domains (spotisaver.net, geeked.wtf) are legitimate and trustworthy—they may be unofficial proxies. Check the provided GitHub URL and API status link, and confirm whether the API actually returns public streaming URLs without authentication. If you plan to play or download tracks, be aware of potential copyright and service‑terms issues. For safety, test in an isolated environment, monitor network requests, and avoid supplying any account credentials unless you confirm the skill legitimately requires them and you trust the implementation.Like a lobster shell, security has layers — review code before you run it.
latestvk97aw7da53edesjgsy27rcf5fx849sh8musicvk97aw7da53edesjgsy27rcf5fx849sh8streamingvk97aw7da53edesjgsy27rcf5fx849sh8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.