Clawtunes Play
Warn
Audited by ClawScan on May 10, 2026.
Overview
Most Apple Music playback behavior is purpose-aligned, but the package includes an undocumented playlist-changing helper with unsafe AppleScript string handling that deserves review.
Review before installing. The main playback workflow appears coherent, but you should be aware that the package contains extra playlist-changing code not described in the skill instructions, and that it needs broad macOS UI automation permission.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this helper is invoked with a malicious or malformed playlist name, it could run unintended AppleScript actions on the Mac instead of treating the name as plain text.
In ensure_playlist, the playlist name argument is interpolated without escaping into an AppleScript program that is executed with osascript. A crafted playlist name could change the AppleScript that runs.
ap.add_argument("playlist") ... ok, msg = ensure_playlist(args.playlist) ... if not (exists playlist "{name}") then
Escape AppleScript strings safely, pass user values as data rather than code, or remove this helper if playlist creation is not part of the skill.
If used, the skill could change the user's Apple Music library or playlists in a way the play-only documentation does not make clear.
This bundled script can create playlists and duplicate tracks into them, but the skill description and command list focus on playing music and do not disclose this mutation capability.
make new user playlist with properties {name:"{name}"} ... duplicate item 1 of matchingTracks to playlist "{esc_playlist}"
Document the playlist mutation feature explicitly, require clear user confirmation before changing the library, and provide a dry-run or undo guidance.
Granting this permission allows the scripts to send keystrokes to the Music app during playback workflows.
Accessibility/Automation permission is expected for this Music UI workaround, but it is a broad local privilege that users should understand before enabling.
It also needs macOS Accessibility / Automation permission so `System Events` can send keyboard input to Music.
Grant Accessibility/Automation permission only if you are comfortable with local UI automation, and revoke it if you stop using the skill.
Users may not see the true local tool and OS requirements until reading the skill documentation.
The registry metadata does not declare the macOS-only tools that SKILL.md lists as required, such as clawtunes, python3, osascript, and open.
Required binaries (all must exist): none ... OS restriction: none
Update metadata to declare the macOS restriction and required binaries so installation expectations are clear.
