Skill v1.0.3
ClawScan security
Music Assistant · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 5, 2026, 6:49 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requests and code are consistent with its stated purpose: it only needs a Music Assistant URL and token and uses them to control playback and query the server.
- Guidance: This skill appears to do exactly what it says: it uses MA_URL and MA_TOKEN to call your Music Assistant server. Before installing, ensure MA_URL points to your trusted Music Assistant instance (not a public/malicious host) and use a token with only the permissions you are comfortable granting (revoke or rotate it if needed). You can review the bundled scripts/mactl.py locally (it issues JSON-RPC to MA_URL and prints results) and run it on a machine you control. Note that the skill will use the provided token to control playback and query data on whatever MA_URL you supply, so avoid giving it tokens for services you don't trust.
Review Dimensions
- Purpose & Capability: ok. Name/description (control Music Assistant) align with required environment variables (MA_URL, MA_TOKEN, optional MA_PLAYER) and the included CLI script which issues JSON-RPC commands to the Music Assistant API.
- Instruction Scope: ok. SKILL.md and scripts/mactl.py only instruct the agent to use MA_URL/MA_TOKEN (and optionally MA_PLAYER) to call the Music Assistant API; there are no instructions to read unrelated system files, other environment variables, or to send data to external endpoints beyond MA_URL.
- Install Mechanism: ok. No install spec is provided (instruction-only with an included script). Nothing is downloaded or written by an installer; the CLI is bundled as a local script.
- Credentials: ok. Only MA_URL and MA_TOKEN are required (plus optional MA_PLAYER). These credentials are directly necessary for the stated API interactions. No unrelated credentials or secrets are requested.
- Persistence & Privilege: ok. "always" is false and the skill does not request permanent system-level presence or modify other skills. The default ability for the agent to invoke the skill autonomously is unchanged (normal for skills) and not combined with other red flags.
