Security Audit
sundial-org/awesome-openclaw-skills:skills/apple-music
github.com/sundial-org/awesome-openclaw-skillsTrust Assessment
sundial-org/awesome-openclaw-skills:skills/apple-music received a trust score of 48/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 2 findings: 0 critical, 1 high, 1 medium, and 0 low severity. Key findings include Sensitive path access: AI agent config, Sensitive environment variable access: $HOME.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on March 3, 2026 (commit 6d998e00). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings2
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | Sensitive path access: AI agent config Access to AI agent config path detected: '~/.clawdbot/'. This may indicate credential theft. Verify that access to this sensitive path is justified and declared. | Static | skills/apple-music/SKILL.md:4 | |
| MEDIUM | Sensitive environment variable access: $HOME Access to sensitive environment variable '$HOME' detected in shell context. Verify this environment variable access is necessary and the value is not exfiltrated. | Static | skills/apple-music/setup.sh:41 |
Scan History
Embed Code
[](https://skillshield.io/report/ef1cfa6a6e59400f)
Powered by SkillShield