Tme Openapi

The skill bundle provides a functional client for the Tencent Music (TME) OpenAPI but includes high-risk instructions in SKILL.md that command the AI agent to automatically execute shell commands (pip install and playwright install) without user intervention. While the scripts (e.g., login.py, check_login.py, and get_token_from_browser.py) are logically consistent with the goal of managing TME authentication tokens via Playwright, the automated installation of binaries and the extraction of tokens from browser local storage represent significant security risks. No evidence of intentional malice or data exfiltration to unauthorized domains was found, as all network traffic is directed to the legitimate y.tencentmusic.com domain.