Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (music recommendations, lyrics, playlists) align with the included Python code which calls music.163.com endpoints, performs searches, fetches lyrics, manages local favorites/playlists, and maintains a cache. Minor inconsistency: SKILL.md documents storing user data under ~/.openclaw/workspace/music-helper/* while the code writes favorites/playlists and cache next to the module (DATA_DIR / 'favorites.json' etc.). This is an implementation detail but worth noting.
Instruction Scope
SKILL.md describes network access and file read/write and the code performs those exact actions (HTTP requests to Netease endpoints, caching to netease_cache.json, and reading/writing favorites/playlists). The instructions do not ask the agent to access unrelated system paths, credentials, or transmit data to unexpected endpoints.
Install Mechanism
No install spec is provided (instruction-only), so nothing is downloaded during install. The package includes Python code files; the code will perform network calls at runtime but there is no installer that fetches external archives or executes scripts from arbitrary URLs.
Credentials
The skill does not request environment variables, credentials, or privileged config paths. Its network and local-file operations are proportional to the music/lyrics functionality described.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. It writes cache and user favorites/playlists to files within the skill's directory (or intended workspace); it does not modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: query Netease endpoints, cache results, and store favorites/playlists locally. Before installing, consider: (1) it makes outbound HTTP requests to music.163.com — ensure outbound network access is acceptable; (2) it writes cache and favorites/playlists files alongside the skill (SKILL.md mentions a workspace path — behavior differs slightly from the docs), so check where those files will be stored and whether that location is acceptable for your privacy policy; (3) included netease_cache.json contains pre-populated API responses (static data) — review it if you care about what content is already shipped; (4) no credentials are requested, but lyrics/copyright considerations and rate-limits from the remote service may apply. If you need higher assurance, inspect netease_api.py and music_helper.py directly (they are included) or run them in a sandboxed environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk972vdr5x7adrrfgexy8kdesad83z9tv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.