Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Music Research (Crate)
v0.2.3
AI-powered music research with 92+ tools across 17 sources — MusicBrainz, Bandcamp, Discogs, Genius, Last.fm, Wikipedia, and more. Influence tracing, track v...
by Tarik Moody (@tmoody1973)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name/description (music research across many sources) aligns with the declared requirements: it needs npx to run the crate-cli and an ANTHROPIC_API_KEY which plausibly powers LLM reasoning inside the CLI. Optional API keys for individual music services are listed as optional in the SKILL.md and are coherent with the described capabilities.
Instruction Scope
The SKILL.md instructs the agent to add an MCP server entry that launches `npx -y crate-cli --mcp-server` and exposes many tools over stdio; it also documents local SQLite caches (collection, playlist, influence cache). The instructions do not ask the agent to read unrelated system files or secrets, but they do instruct running an external CLI that will access networks and persist local caches and configuration. That means queries and data may be transmitted to external services and persisted locally.
Install Mechanism
There is no install spec, but runtime usage relies on `npx` to download and execute `crate-cli` from the npm registry with no pinned version in the provided example. This effectively executes remote code on the agent host at runtime (supply-chain risk). The skill will therefore cause dynamic code to be fetched and run, which increases risk compared to instruction-only behavior that uses only built-in binaries.
Credentials
The one required environment variable (ANTHROPIC_API_KEY) is plausible if the CLI uses Anthropic's models for reasoning. However, the SKILL.md instructs passing that key into the spawned process; that gives the remote-executed CLI full access to the key and any requests it makes to Anthropic. Many additional optional API keys are listed for other services — these are optional but sensitive if provided.
Persistence & Privilege
always:false (good), but the instructions ask the user/agent to add a persistent MCP server entry and the CLI creates local SQLite caches (influence graph, collection, playlists). This results in long-lived configuration and locally stored data; not inherently malicious, but a persistence/privacy consideration.
What to consider before installing
This skill is coherent with its stated purpose, but it will cause your agent to run `npx crate-cli` (unversioned) and hand that process your ANTHROPIC_API_KEY. That means: (1) arbitrary code from the npm registry will be executed on your environment at runtime, (2) the crate-cli process can send queries and any user data to external services (including Anthropic) and persist data locally in SQLite. Before installing: verify the crate-cli package source and version (prefer a pinned version), inspect the crate-cli code or its GitHub repo, consider running it in an isolated environment (container), avoid providing sensitive/high-privilege keys unless you trust the package, and prefer a workflow where you manually install and review the CLI rather than letting npx fetch/execute it automatically.
Like a lobster shell, security has layers — review code before you run it.
latest: vk971gtn4se7c43mxm9aray6f6d81tdvs
Runtime requirements
🎵 Clawdis
Bins: npx
Env: ANTHROPIC_API_KEY
Primary env: ANTHROPIC_API_KEY
