Skills
skills/tencentmusic/qqmusic-skills/qqmusic/Socket

qqmusic

Warn

Audited by Socket on Jun 13, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core music-search/recommendation functionality aligns with the stated purpose and uses same-org QQ Music domains, so this does not look like confirmed malware. But the skill persists API keys by editing shell profiles and advertises an auto-download/replace updater whose source and integrity are not provided, creating medium trust and secret-handling risk.

Confidence: 100%Severity: 60%
Audit Metadata
Analyzed At
Jun 13, 2026, 07:11 AM
Package URL
pkg:socket/skills-sh/tencentmusic%2Fqqmusic-skills%2Fqqmusic%2F@2b80fabd2725795491b421e0cc746e54332090b7ddad366c6715887438f84507
Security Audit — socket — qqmusic