Trust Assessment
apple-music received a trust score of 73/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 5 findings: 0 critical, 1 high, 2 medium, and 1 low severity. Key findings include Sensitive path access: AI agent config, Sensitive environment variable access: $HOME, JSON Injection vulnerability during config file creation.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (5)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Sensitive path access: AI agent config.** Access to AI agent config path detected: `~/.clawdbot/`. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/tyler6204/apple-music/SKILL.md:4 |
| MEDIUM | **Sensitive environment variable access: $HOME.** Access to sensitive environment variable `$HOME` detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/tyler6204/apple-music/setup.sh:41 |
| MEDIUM | **JSON Injection vulnerability during config file creation.** The `setup.sh` script constructs `config.json` by directly interpolating user-provided or derived variables (`$DEVELOPER_TOKEN`, `$MUSIC_USER_TOKEN`, `$KEY_ID`, `$TEAM_ID`, `$STOREFRONT`) into a JSON string using a `cat << EOF` block. If any of these variables contain unescaped double quotes or other JSON-breaking characters, the result is malformed JSON, causing parsing errors in `apple-music.sh`, or potentially allowing an attacker to inject arbitrary JSON fields if they can control the input to these variables. Ensure all variables interpolated into JSON (`$DEVELOPER_TOKEN`, `$MUSIC_USER_TOKEN`, `$KEY_ID`, `$TEAM_ID`, `$STOREFRONT`) are properly JSON-escaped before being written to `config.json`. A safer approach is to use a JSON-aware tool (e.g., `jq`) to construct the JSON object, or a templating engine that handles escaping. | LLM | setup.sh:159 |
| LOW | **Temporary local HTTP server serving skill directory content.** The `setup.sh` script temporarily starts a `python3` HTTP server (`http.server.SimpleHTTPRequestHandler`) bound to `127.0.0.1` on a dynamic port. This server serves all files from the skill's directory (`$SKILL_DIR`). While intended for `auth.html` and bound to localhost, if sensitive files are inadvertently placed in `$SKILL_DIR`, or if a local attacker can redirect traffic or exploit other local vulnerabilities, these files could be exposed or exfiltrated. It is generally safer to serve only specific, non-sensitive files or to use a more restricted server. Consider serving only the `auth.html` file explicitly, or using a more secure method for the local authentication flow that does not expose the entire skill directory. Ensure no sensitive files are ever placed in the skill directory where this temporary server could serve them. | LLM | setup.sh:90 |
| INFO | **Storage of sensitive API credentials in local configuration file.** The skill stores sensitive Apple Music API credentials, including developer tokens, user tokens, Key ID, and Team ID, in `config.json` within the skill's directory. While `chmod 600` is applied to restrict file permissions, the presence of these credentials in a local file makes them a target for exfiltration if the skill's execution environment or the host system is compromised. This is a common pattern for skills requiring API access but highlights a sensitive asset. While necessary for functionality, consider implementing additional layers of protection for `config.json`, such as encryption at rest, or exploring alternative credential management solutions if available within the agent's ecosystem. Educate users on the sensitivity of this file. | LLM | setup.sh:159 |