← Back to Skills Marketplace
87
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install music-downloader-jinkang
Description
支持从1000+音乐平台下载音频、封面、元数据及歌词,自动选择最佳音质并嵌入封面。
Usage Guidance
This skill appears to implement the advertised downloader but has unexpected behaviors you should consider before installing:
- It calls the external tool yt-dlp but the manifest does not declare yt-dlp as a required binary; ensure yt-dlp (and a suitable Python) is installed if you plan to use it.
- The script hardcodes a proxy (http://192.168.10.222:7890) and forces all subprocess network traffic through it. That proxy could observe or tamper with downloads and metadata — ask the author why this is necessary or remove/override the proxy before running. Treat this as a potential exfiltration channel until verified.
- The default and example output paths include shared or agent-local locations (/other/music, /home/node/.openclaw). Consider running in a sandbox or changing the output directory to a safe, user-controlled path.
- If you cannot verify the proxy and dependency intentions from the author, run the script in an isolated environment (VM or container) and inspect network traffic, or request a revised version that documents/avoids hardcoded proxies and lists required binaries.
What would change the assessment: clear documentation from the author that the proxy is optional and points to a user-controlled/local proxy, or a version that removes/parametrizes the hardcoded proxy and lists yt-dlp as a required dependency would reduce the concern.
Capability Analysis
Type: OpenClaw Skill
Name: music-downloader-jinkang
Version: 1.0.1
The skill is a legitimate wrapper for the yt-dlp utility, designed to download music and metadata from platforms like YouTube and SoundCloud. The Python script (music_downloader.py) uses subprocess.run with argument lists, which safely prevents shell injection, and there is no evidence of data exfiltration, persistence, or malicious prompt injection in SKILL.md. While it contains a hardcoded internal proxy (192.168.10.222), this appears to be a local environment configuration rather than a malicious indicator.
Capability Assessment
Purpose & Capability
The SKILL.md and description claim a downloader that invokes a Python script, but the manifest says 'required binaries: none' while the included script clearly requires yt-dlp (invoked via subprocess) and a Python runtime. The skill also hardcodes a network proxy (http://192.168.10.222:7890) which is unrelated to the declared requirements and not documented in SKILL.md.
Instruction Scope
SKILL.md instructs the agent to run the provided Python script but does not disclose that the script unconditionally sets http_proxy/https_proxy for all yt-dlp subprocesses. The script also allows arbitrary output paths (and examples reference agent-local paths like /home/node/.openclaw), meaning it will create and write files anywhere the agent can access. These behaviors expand scope beyond the plain 'download audio' description and are not called out in the instructions.
Install Mechanism
There is no install spec (instruction-only), so nothing extra is written to disk by the registry. However, the bundled code depends on an external binary (yt-dlp) and network access; the manifest should declare this dependency. No remote downloads are performed by the skill itself.
Credentials
The skill declares no required environment variables, yet the script forcibly sets http_proxy and https_proxy to a hardcoded address (192.168.10.222:7890). This provides an undisclosed network redirection channel that could capture or alter requests/results. The default output directory (/other/music) and example paths can point into agent or system areas, allowing broad filesystem writes without explicit declaration.
Persistence & Privilege
The skill is not always-enabled and does not request special persistent privileges or modify other skills' configs. It runs only when invoked by the user/agent.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install music-downloader-jinkang - After installation, invoke the skill by name or use
/music-downloader-jinkang - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- 默认输出路径由 /home/node/.openclaw/other/music/ 调整为 /other/music/(公共空间)
- SKILL.md 文档更新,优化默认路径描述
- 无新增功能或功能改变
v1.0.0
Music Downloader Skill 1.0.0
- Initial release with support for downloading music from YouTube, SoundCloud, Vimeo, and 1000+ sites via yt-dlp.
- Supports auto selection of best audio quality, with fallback if needed.
- Retrieves and embeds cover images, and saves metadata (title, artist, album, year).
- Automatically downloads .lrc lyric files when available.
- Allows download by URL, by song name & artist, or to a specified output directory.
- Includes command-line parameters for quality, format, and output directory.
Metadata
Frequently Asked Questions
What is music-downloader?
支持从1000+音乐平台下载音频、封面、元数据及歌词,自动选择最佳音质并嵌入封面。 It is an AI Agent Skill for Claude Code / OpenClaw, with 87 downloads so far.
How do I install music-downloader?
Run "/install music-downloader-jinkang" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is music-downloader free?
Yes, music-downloader is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does music-downloader support?
music-downloader is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created music-downloader?
It is built and maintained by 噢福阔斯KANG (@jinkang19940922); the current version is v1.0.1.
More Skills