← 返回 Skills 市场
164
总下载
0
收藏
0
当前安装
3
版本数
在 OpenClaw 中安装
/install music-identify
功能描述
Identify songs from audio clips using AudD API and optionally queue them to Spotify. Triggers on /songsearch command, voice messages with song identification...
安全使用建议
This skill appears to do what it says, but before installing consider:
- It stores secrets as files: AudD API key (~/.config/audd/api_key) and Spotify credentials/tokens (~/.config/spotify/). Make sure those files are created with restrictive permissions (chmod 600) and store only credentials you trust.
- The Spotify auth script runs a temporary HTTP server bound to 0.0.0.0:8888 to receive the OAuth callback. If you expose that port via a public tunnel (ngrok, Tailscale Serve, etc.), anyone who can reach it could attempt to hit the callback; prefer using a local-only redirect URI or ensure the tunnel is private.
- The skill appends identifications to memory/music-log.json; this creates a persistent local history of songs you asked about. If that is sensitive, periodically rotate or delete the file or change where it is written.
- AudD requests audio files to api.audd.io; check AudD's privacy/retention policy before sending audio you consider private. Also keep track of API usage limits/costs.
- The scripts are plain and readable (no obfuscated code). If you have stricter security requirements, inspect the scripts yourself before running and consider running the auth flow on an isolated machine.
If these behaviors are acceptable (local credential files, local log, and a temporary auth server), the skill is coherent and can be used. If you are uncomfortable with any of the above, do not install or modify the scripts to match your security posture (for example, change the redirect URI to a localhost-only address, encrypt stored tokens, or change the memory log location).
功能分析
Type: OpenClaw Skill
Name: music-identify
Version: 1.2.0
The music-identify skill is a well-structured tool for song identification using the AudD API and optional Spotify integration. The scripts (identify.sh, spotify-queue.sh, and spotify-auth.py) perform standard API interactions, handle OAuth flows correctly, and use jq for safe JSON processing. The documentation in SKILL.md correctly identifies necessary credentials and recommends restrictive file permissions (chmod 600), with no evidence of data exfiltration, malicious execution, or prompt injection.
能力评估
Purpose & Capability
Name/description match the implementation. The included scripts call AudD (api.audd.io) and Spotify endpoints only, and the workflow (identify then optionally queue on Spotify) is coherent with the declared purpose.
Instruction Scope
Instructions and scripts read/write local files: AudD API key at ~/.config/audd/api_key, Spotify credentials/tokens under ~/.config/spotify/, and append to memory/music-log.json. They also instruct saving audio temporarily (e.g., /tmp). This is expected for the feature but is a privacy consideration because identified-song history and OAuth tokens are stored locally.
Install Mechanism
No install spec; this is an instruction-only skill with shipped scripts (bash + one small Python auth server). Nothing is downloaded from external or untrusted URLs and no archive extraction occurs.
Credentials
No environment variables are required, but the skill requires filesystem-stored credentials and tokens under the user's home (~/.config). That is proportional to the Spotify/AudD integrations, but users should be aware these files contain secrets and must be protected (the SKILL.md recommends chmod 600).
Persistence & Privilege
Skill does persistent writes only to its own expected places: ~/.config/audd, ~/.config/spotify, and memory/music-log.json. The Spotify auth flow starts a local HTTP server bound to 0.0.0.0:8888 for the callback — this is typical for local OAuth but means the machine will accept incoming HTTP callbacks on that port during auth, which can be exposed if you use a public tunnel. always:false and no cross-skill config modification.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install music-identify - 安装完成后,直接呼叫该 Skill 的名称或使用
/music-identify触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.2.0
v1.2.0: Security fix — removed all Telegram bot token references and config path grep instructions from SKILL.md. Audio download from messaging platforms is now explicitly delegated to the host agent. Skill only handles local audio files. Removed undocumented config path access. Should resolve VirusTotal and OpenClaw security scan flags.
v1.1.0
v1.1.0: Added runtime dependency docs, credential security notes (chmod 600), detailed Telegram audio download workflow, Spotify token auto-refresh docs, structured script reference table, improved error response handling, exit code documentation.
v1.0.0
Song recognition from audio via AudD API + Spotify queue integration. Identify songs from voice clips, get title/artist/Spotify link, optionally queue to active Spotify session.
元数据
常见问题
Music Identify 是什么?
Identify songs from audio clips using AudD API and optionally queue them to Spotify. Triggers on /songsearch command, voice messages with song identification... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 164 次。
如何安装 Music Identify?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install music-identify」即可一键安装,无需额外配置。
Music Identify 是免费的吗?
是的,Music Identify 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Music Identify 支持哪些平台?
Music Identify 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Music Identify?
由 PlayOffP(@playoffp)开发并维护,当前版本 v1.2.0。
推荐 Skills