← Back to Skills Marketplace
164
Downloads
0
Stars
0
Active Installs
3
Versions
Install in OpenClaw
/install music-identify
Description
Identify songs from audio clips using AudD API and optionally queue them to Spotify. Triggers on /songsearch command, voice messages with song identification...
Usage Guidance
This skill appears to do what it says, but before installing consider:
- It stores secrets as files: AudD API key (~/.config/audd/api_key) and Spotify credentials/tokens (~/.config/spotify/). Make sure those files are created with restrictive permissions (chmod 600) and store only credentials you trust.
- The Spotify auth script runs a temporary HTTP server bound to 0.0.0.0:8888 to receive the OAuth callback. If you expose that port via a public tunnel (ngrok, Tailscale Serve, etc.), anyone who can reach it could attempt to hit the callback; prefer using a local-only redirect URI or ensure the tunnel is private.
- The skill appends identifications to memory/music-log.json; this creates a persistent local history of songs you asked about. If that is sensitive, periodically rotate or delete the file or change where it is written.
- AudD requests audio files to api.audd.io; check AudD's privacy/retention policy before sending audio you consider private. Also keep track of API usage limits/costs.
- The scripts are plain and readable (no obfuscated code). If you have stricter security requirements, inspect the scripts yourself before running and consider running the auth flow on an isolated machine.
If these behaviors are acceptable (local credential files, local log, and a temporary auth server), the skill is coherent and can be used. If you are uncomfortable with any of the above, do not install or modify the scripts to match your security posture (for example, change the redirect URI to a localhost-only address, encrypt stored tokens, or change the memory log location).
Capability Analysis
Type: OpenClaw Skill
Name: music-identify
Version: 1.2.0
The music-identify skill is a well-structured tool for song identification using the AudD API and optional Spotify integration. The scripts (identify.sh, spotify-queue.sh, and spotify-auth.py) perform standard API interactions, handle OAuth flows correctly, and use jq for safe JSON processing. The documentation in SKILL.md correctly identifies necessary credentials and recommends restrictive file permissions (chmod 600), with no evidence of data exfiltration, malicious execution, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description match the implementation. The included scripts call AudD (api.audd.io) and Spotify endpoints only, and the workflow (identify then optionally queue on Spotify) is coherent with the declared purpose.
Instruction Scope
Instructions and scripts read/write local files: AudD API key at ~/.config/audd/api_key, Spotify credentials/tokens under ~/.config/spotify/, and append to memory/music-log.json. They also instruct saving audio temporarily (e.g., /tmp). This is expected for the feature but is a privacy consideration because identified-song history and OAuth tokens are stored locally.
Install Mechanism
No install spec; this is an instruction-only skill with shipped scripts (bash + one small Python auth server). Nothing is downloaded from external or untrusted URLs and no archive extraction occurs.
Credentials
No environment variables are required, but the skill requires filesystem-stored credentials and tokens under the user's home (~/.config). That is proportional to the Spotify/AudD integrations, but users should be aware these files contain secrets and must be protected (the SKILL.md recommends chmod 600).
Persistence & Privilege
Skill does persistent writes only to its own expected places: ~/.config/audd, ~/.config/spotify, and memory/music-log.json. The Spotify auth flow starts a local HTTP server bound to 0.0.0.0:8888 for the callback — this is typical for local OAuth but means the machine will accept incoming HTTP callbacks on that port during auth, which can be exposed if you use a public tunnel. always:false and no cross-skill config modification.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install music-identify - After installation, invoke the skill by name or use
/music-identify - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.2.0
v1.2.0: Security fix — removed all Telegram bot token references and config path grep instructions from SKILL.md. Audio download from messaging platforms is now explicitly delegated to the host agent. Skill only handles local audio files. Removed undocumented config path access. Should resolve VirusTotal and OpenClaw security scan flags.
v1.1.0
v1.1.0: Added runtime dependency docs, credential security notes (chmod 600), detailed Telegram audio download workflow, Spotify token auto-refresh docs, structured script reference table, improved error response handling, exit code documentation.
v1.0.0
Song recognition from audio via AudD API + Spotify queue integration. Identify songs from voice clips, get title/artist/Spotify link, optionally queue to active Spotify session.
Metadata
Frequently Asked Questions
What is Music Identify?
Identify songs from audio clips using AudD API and optionally queue them to Spotify. Triggers on /songsearch command, voice messages with song identification... It is an AI Agent Skill for Claude Code / OpenClaw, with 164 downloads so far.
How do I install Music Identify?
Run "/install music-identify" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Music Identify free?
Yes, Music Identify is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Music Identify support?
Music Identify is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Music Identify?
It is built and maintained by PlayOffP (@playoffp); the current version is v1.2.0.
More Skills