Music Skill

Type: OpenClaw Skill Name: go-music-skill Version: 0.0.2 The skill is designed to install and manage a local music API backend, which involves high-risk capabilities such as downloading and executing a remote binary from GitHub (guohuiyuan/go-music-api) and handling user authentication cookies for music platforms. While these actions are aligned with the stated purpose in SKILL.md and include some security checks (e.g., verifying native executable headers in scripts/install.sh), the automated execution of remote payloads and the management of sensitive credentials meet the threshold for 'suspicious' under the provided criteria. No evidence of intentional malice or data exfiltration was found.