Skills
skills/minimax-ai/skills/minimax-music-playlist/Gen Agent Trust Hub

minimax-music-playlist

Warn

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses osascript to interact with the macOS Music app and executes shell commands like find and ls to locate private data files in the user's home directory and Library folders.
  • [REMOTE_CODE_EXECUTION]: It instructs the agent to 'write scanning/analysis scripts on the fly' using Python's standard library, which involves generating and running code at runtime to process music metadata extracted from the system.
  • [DATA_EXFILTRATION]: The skill reads private listening history from local application databases (NetEase) and user-provided JSON exports (Spotify). It also queries the external MusicBrainz API with artist names derived from this local data.
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of an external CLI tool (mmx-cli) via npm and provides instructions for authenticating with an external API using an API key.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 13, 2026, 09:37 AM