qqmusic
Warn
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to modify system configuration files (
~/.bashrcand~/.zshrc) to persist theQQMUSIC_API_KEY. This persistence mechanism alters the user's shell environment by appending or substituting export commands. - [EXTERNAL_DOWNLOADS]: The skill documents a 'Skill Upgrade' feature in
version.mdthat involves checking for updates via an API and then downloading and replacing skill files. While the instructions limit downloads to vendor-controlled domains (y.qq.comorgithub.com/tencentmusic), this mechanism facilitates the dynamic replacement of code and instructions from a remote source.
Audit Metadata