← Back to Skills Marketplace
80
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install ultimate-music-manager
Description
Organises a messy local music library into a clean Language/Artist/Album hierarchy using acoustic fingerprinting, deduplication, metadata enrichment, and opt...
Usage Guidance
This skill appears to be what it says: a local music‑library pipeline that fingerprints, deduplicates, enriches metadata, and optionally syncs to Spotify. Before installing or running it: (1) Backup your music folder (MUSIC_ROOT) or test on a copy — the pipeline moves files and there are separate destructive utilities (opt‑in) even though the canonical pipeline claims not to delete files. (2) Inspect config.py and the bundled scripts yourself — scripts are executed locally and will read/write under MUSIC_ROOT and the DATA_DIR. (3) Run scripts in a virtualenv per the README and use preflight.sh and --dry-run modes first. (4) Only provide Spotify credentials if you intend to use Phase 6; OAuth tokens are cached locally. (5) Be careful when enabling the suggested hook: enabling it modifies your agent hook configuration and will execute the provided shell script on PreToolUse events — review the hook code and enable it only if you trust it. (6) Note the minor oddity that the package bundles scripts but also instructs you to git clone the repo — this is not dangerous but redundant; you can inspect/compare the bundled files before cloning. If you want additional assurance, share config.py or any other script you’re unsure about and I can re-check for hidden network calls, writes outside MUSIC_ROOT, or suspicious behavior.
Capability Analysis
Type: OpenClaw Skill
Name: ultimate-music-manager
Version: 1.0.1
The bundle contains a shell injection vulnerability in 'scripts/status.sh' where 'eval' is used on configuration values (like MUSIC_ROOT) derived from environment variables, which could lead to arbitrary command execution if a user provides a malformed .env file. Additionally, the skill references several destructive scripts (e.g., 'total_scrub.py', '05D_force_delete_residue.py') that perform bulk file deletions. While the bundle includes a defensive PreToolUse hook ('hooks/safety-guard.sh') designed to warn the AI agent before running these destructive tools, the presence of critical vulnerabilities and high-risk file-deletion capabilities warrants a suspicious classification.
Capability Tags
Capability Assessment
Purpose & Capability
Name and description match what the skill asks for: it operates on a local MUSIC_ROOT and needs Python 3.12 and git to set up and run the pipeline. Optional env vars (Spotify credentials, FFmpeg path, data dir, etc.) align with the described optional features (Spotify sync, non‑MP3 decoding, token cache).
Instruction Scope
Runtime instructions direct the agent (and user) to run a sequence of local scripts that read and reorganize files under MUSIC_ROOT, produce JSON artifacts, and optionally call Shazam/Apple/Spotify APIs. The instructions also suggest adding a PreToolUse hook that relies on the CLAUDE_TOOL_INPUT environment variable — that is outside the skill's declared env list but is part of the hook mechanism; the hook script shown only prints warnings. The pipeline includes separate destructive utilities (05D, 05F, total_scrub, absolute_zero_sort) but marks them as opt‑in and provides a safety‑guard hook.
Install Mechanism
No arbitrary downloads or extract/install steps in the skill bundle. The SKILL.md recommends cloning the repo from GitHub (a normal release host). The package is instruction‑first with included scripts; the lack of an install spec is somewhat redundant (scripts are bundled but instructions still tell the user to git clone), but this is explainable and not inherently risky.
Credentials
Only one required environment variable (MUSIC_ROOT) is requested; other env vars are optional and correspond to optional features (Spotify OAuth credentials for sync, SHAZAM_CONCURRENCY, FFmpeg binary override, etc.). The safety hook references CLAUDE_TOOL_INPUT but that is a hook input rather than a secret the skill demands. No unrelated credentials (AWS, cloud provider keys, or broad secrets) are requested.
Persistence & Privilege
The skill is not always:true and does not auto‑enable itself. It does instruct the user to enable a PreToolUse hook (via editing .claude/settings.json or openclaw hooks enable) — enabling that hook will cause the included shell script to run on future PreToolUse events. That is a user action and not automatic, but it does grant the skill code the ability to run on agent tool invocations once enabled. The hook itself appears to be a benign safety prompt.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install ultimate-music-manager - After installation, invoke the skill by name or use
/ultimate-music-manager - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
Version 1.0.1
- Added optional environment variables and binaries (e.g., SPOTIFY credentials, FFMPEG, etc.) to metadata for improved configuration flexibility.
- Specified `source` field in metadata with project repository URL.
- Clarified the function and use-cases of environment variables and prerequisites in documentation.
- Expanded and improved descriptions of pipeline phases and script purposes for greater clarity.
- No changes to code; documentation and metadata updates only.
v1.0.0
ultimate-music-manager 1.0.0
- Initial release of a multi-phase music library management pipeline.
- Automates sorting, deduplication, and organization of local audio files by Language/Artist/Album.
- Identifies unknown songs using Shazam acoustic fingerprinting.
- Enriches metadata with iTunes artwork and LrcLib lyrics.
- Provides optional sync from the local library to Spotify playlists.
- Ensures no files are deleted; suspected duplicates are moved for manual review.
Metadata
Frequently Asked Questions
What is Ultimate Music Manager?
Organises a messy local music library into a clean Language/Artist/Album hierarchy using acoustic fingerprinting, deduplication, metadata enrichment, and opt... It is an AI Agent Skill for Claude Code / OpenClaw, with 80 downloads so far.
How do I install Ultimate Music Manager?
Run "/install ultimate-music-manager" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Ultimate Music Manager free?
Yes, Ultimate Music Manager is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Ultimate Music Manager support?
Ultimate Music Manager is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Ultimate Music Manager?
It is built and maintained by drajb (@drajb); the current version is v1.0.1.
More Skills