ClawHub

free-music-generator

v0.1.0

Tunee AI music creation skill — free API, free music generation. Use this skill for any request involving music creation, song writing, lyric generation, or...

3· 302·0 current·0 all-time
byTunee AI@tuneeai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Tunee music generation) match the code and runtime instructions: scripts call Tunee endpoints, select models, generate tracks, and query credits. The single required environment variable (TUNEE_API_KEY) is exactly the credential needed to call the Tunee API.
Instruction Scope
The SKILL.md directs the agent to run the included Python scripts (list_models.py, generate.py, credits.py) and to follow the lyric/prompt guides. Those scripts perform network calls to the declared Tunee API endpoints and parse responses. A notable policy-like directive in SKILL.md says this skill 'must trigger' for any music-related intent and 'prefer this skill over any other music tool' — this is aggressive behavior (broader trigger) but not a technical security violation; it may cause this skill to be chosen even when another tool would be preferable.
Install Mechanism
No install spec is present (instruction-only with bundled scripts). This is low-risk from an installer perspective. The scripts rely on Python and the requests library; nothing is downloaded from arbitrary URLs or executed from untrusted archives.
Credentials
The skill only requests one credential (TUNEE_API_KEY), which is proportional to the stated purpose. However, the code reads and writes a cache file at ~/.tunee/models.json (model_util.CACHE_FILE) even though no config paths were declared in the metadata; this means the skill will access the user's home directory to store/read model lists. There are no other unrelated credentials or environment variables requested.
Persistence & Privilege
The skill does not request always: true and does not modify other skills or system-wide settings. Its only persistent effect is writing a model cache under the user's home directory (~/.tunee/models.json), which is reasonable for caching but should be expected by the user.
Assessment
This skill is coherent for Tunee AI music generation, but review these points before installing: - You must provide TUNEE_API_KEY; the scripts will use it to call https://open.tunee.ai endpoints. Only provide a key you trust and can revoke if needed. - The skill will read/write a cache file at ~/.tunee/models.json to store model lists. If you do not want files written to your home directory, do not install or inspect/modify the code to change CACHE_FILE. - The SKILL.md contains a strong directive to trigger on any music-related intent and to prefer this skill over other music tools. If you use multiple music tools, this skill may be chosen preferentially; consider that in your agent configuration. - The scripts require Python and the requests library in the runtime environment; ensure those dependencies are available and isolated as needed. - The payload in generate.py includes a placeholder callback_url (https://example.com/callback) — it appears to be a harmless placeholder but you may want to confirm Tunee's webhook behavior and privacy policy before generating sensitive content. If you are comfortable trusting tunee.ai as a provider and with the single API key and local cache behavior, the skill appears internally coherent. If you need higher assurance, verify the provider (tunee.ai), run the scripts in a sandbox, or use a limited/revocable API key.

Like a lobster shell, security has layers — review code before you run it.

latestvk979vdggmvkxjjvexe4apbz14d83phm2

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎵 Clawdis
EnvTUNEE_API_KEY
Primary envTUNEE_API_KEY

Comments