Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description (search music and get play links) align with the included script: it performs searches and fetches playback URLs from remote music APIs. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md instructs running node scripts/quick-music.js which is exactly what the skill contains. The runtime JS issues network requests to two external hosts (kw-api.cenguigui.cn and api.xcvts.cn); SKILL.md does not disclose these endpoints or warn that user queries will be sent to third parties.
Install Mechanism
No install spec; this is instruction + a single script file. It relies on node being available (consistent with examples). Nothing is downloaded or written during install.
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, it transmits user search keywords to external, unverified APIs—this can leak contextual or sensitive queries even without explicit credentials.
Persistence & Privilege
The skill does not request persistent/always-on presence or elevated privileges (always: false). It does not modify other skills or system configs.
Assessment
This skill appears to do what it says: run the included Node script to search songs and fetch play links. Before installing or running it, review the script (already included) and note it will send your search terms to two third‑party endpoints (kw-api.cenguigui.cn and api.xcvts.cn). If you care about query privacy or provenance of results, either: (1) run the script in a sandboxed environment, (2) avoid searching sensitive terms, or (3) replace the endpoints with official/known APIs. Also consider verifying the domains' trustworthiness or contacting the author/source for more information.Like a lobster shell, security has layers — review code before you run it.
latestvk97cfdyca9h0p72gqgmpvzj10s8451qh
License
MIT-0
Free to use, modify, and redistribute. No attribution required.