ableton-live-mcp-control

SUSPICIOUS: the skill is broadly aligned with Ableton automation, but it relies on a third-party MCP server outside the publisher's org, includes transitive installation, and grants the agent arbitrary Python execution with direct project-modifying power. Data flows stay mostly local and there is no clear credential harvesting, so this is high-capability and medium-risk rather than confirmed malware.