← 返回 Skills 市场
drajb

Ultimate Music Manager

作者 drajb · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
80
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install ultimate-music-manager
功能描述
Organises a messy local music library into a clean Language/Artist/Album hierarchy using acoustic fingerprinting, deduplication, metadata enrichment, and opt...
安全使用建议
This skill appears to be what it says: a local music‑library pipeline that fingerprints, deduplicates, enriches metadata, and optionally syncs to Spotify. Before installing or running it: (1) Backup your music folder (MUSIC_ROOT) or test on a copy — the pipeline moves files and there are separate destructive utilities (opt‑in) even though the canonical pipeline claims not to delete files. (2) Inspect config.py and the bundled scripts yourself — scripts are executed locally and will read/write under MUSIC_ROOT and the DATA_DIR. (3) Run scripts in a virtualenv per the README and use preflight.sh and --dry-run modes first. (4) Only provide Spotify credentials if you intend to use Phase 6; OAuth tokens are cached locally. (5) Be careful when enabling the suggested hook: enabling it modifies your agent hook configuration and will execute the provided shell script on PreToolUse events — review the hook code and enable it only if you trust it. (6) Note the minor oddity that the package bundles scripts but also instructs you to git clone the repo — this is not dangerous but redundant; you can inspect/compare the bundled files before cloning. If you want additional assurance, share config.py or any other script you’re unsure about and I can re-check for hidden network calls, writes outside MUSIC_ROOT, or suspicious behavior.
功能分析
Type: OpenClaw Skill Name: ultimate-music-manager Version: 1.0.1 The bundle contains a shell injection vulnerability in 'scripts/status.sh' where 'eval' is used on configuration values (like MUSIC_ROOT) derived from environment variables, which could lead to arbitrary command execution if a user provides a malformed .env file. Additionally, the skill references several destructive scripts (e.g., 'total_scrub.py', '05D_force_delete_residue.py') that perform bulk file deletions. While the bundle includes a defensive PreToolUse hook ('hooks/safety-guard.sh') designed to warn the AI agent before running these destructive tools, the presence of critical vulnerabilities and high-risk file-deletion capabilities warrants a suspicious classification.
能力标签
requires-oauth-token
能力评估
Purpose & Capability
Name and description match what the skill asks for: it operates on a local MUSIC_ROOT and needs Python 3.12 and git to set up and run the pipeline. Optional env vars (Spotify credentials, FFmpeg path, data dir, etc.) align with the described optional features (Spotify sync, non‑MP3 decoding, token cache).
Instruction Scope
Runtime instructions direct the agent (and user) to run a sequence of local scripts that read and reorganize files under MUSIC_ROOT, produce JSON artifacts, and optionally call Shazam/Apple/Spotify APIs. The instructions also suggest adding a PreToolUse hook that relies on the CLAUDE_TOOL_INPUT environment variable — that is outside the skill's declared env list but is part of the hook mechanism; the hook script shown only prints warnings. The pipeline includes separate destructive utilities (05D, 05F, total_scrub, absolute_zero_sort) but marks them as opt‑in and provides a safety‑guard hook.
Install Mechanism
No arbitrary downloads or extract/install steps in the skill bundle. The SKILL.md recommends cloning the repo from GitHub (a normal release host). The package is instruction‑first with included scripts; the lack of an install spec is somewhat redundant (scripts are bundled but instructions still tell the user to git clone), but this is explainable and not inherently risky.
Credentials
Only one required environment variable (MUSIC_ROOT) is requested; other env vars are optional and correspond to optional features (Spotify OAuth credentials for sync, SHAZAM_CONCURRENCY, FFmpeg binary override, etc.). The safety hook references CLAUDE_TOOL_INPUT but that is a hook input rather than a secret the skill demands. No unrelated credentials (AWS, cloud provider keys, or broad secrets) are requested.
Persistence & Privilege
The skill is not always:true and does not auto‑enable itself. It does instruct the user to enable a PreToolUse hook (via editing .claude/settings.json or openclaw hooks enable) — enabling that hook will cause the included shell script to run on future PreToolUse events. That is a user action and not automatic, but it does grant the skill code the ability to run on agent tool invocations once enabled. The hook itself appears to be a benign safety prompt.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install ultimate-music-manager
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /ultimate-music-manager 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
Version 1.0.1 - Added optional environment variables and binaries (e.g., SPOTIFY credentials, FFMPEG, etc.) to metadata for improved configuration flexibility. - Specified `source` field in metadata with project repository URL. - Clarified the function and use-cases of environment variables and prerequisites in documentation. - Expanded and improved descriptions of pipeline phases and script purposes for greater clarity. - No changes to code; documentation and metadata updates only.
v1.0.0
ultimate-music-manager 1.0.0 - Initial release of a multi-phase music library management pipeline. - Automates sorting, deduplication, and organization of local audio files by Language/Artist/Album. - Identifies unknown songs using Shazam acoustic fingerprinting. - Enriches metadata with iTunes artwork and LrcLib lyrics. - Provides optional sync from the local library to Spotify playlists. - Ensures no files are deleted; suspected duplicates are moved for manual review.
元数据
Slug ultimate-music-manager
版本 1.0.1
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 2
常见问题

Ultimate Music Manager 是什么?

Organises a messy local music library into a clean Language/Artist/Album hierarchy using acoustic fingerprinting, deduplication, metadata enrichment, and opt... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 80 次。

如何安装 Ultimate Music Manager?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install ultimate-music-manager」即可一键安装,无需额外配置。

Ultimate Music Manager 是免费的吗?

是的,Ultimate Music Manager 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Ultimate Music Manager 支持哪些平台?

Ultimate Music Manager 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Ultimate Music Manager?

由 drajb(@drajb)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论