Is keyfrog-21k/last-fm safe?

The oathe monitoring system recorded reads of /home/oc-exec/.env, .ssh/id_rsa, .aws/credentials, .npmrc, .docker/config.json, and .config/gcloud/application_default_credentials.json. Temporal analysis shows these accesses (audit records 270-275, epoch 1771935582.275) occurred approximately 5 seconds before the skill's git clone began (audit record 500, epoch 1771935587.776). Because the skill was not yet present on disk at the time of these reads, the oathe monitoring framework's pre-install canary initialization is the only credible actor. A second cluster of identical reads at epoch 1771935600.124 (post-install) matches the expected pattern of a post-install integrity sweep. All canary file contents were confirmed intact by the canary integrity check.

The skill documents Last.fm's standard api_key= query parameter pattern for every method. When an LLM uses this skill, it will embed the user-provided API key as a plaintext URL parameter in outbound HTTP requests to ws.audioscrobbler.com. This is the documented and expected Last.fm authentication method, not an exfiltration technique. The skill does not instruct the agent to locate or read API keys from local files, environment variables, or credential stores.

The installed skill consists of three markdown/JSON files with no runnable content. No package.json install scripts, no git hooks, no .gitattributes filter drivers, no submodules, and no symlinks were found. The skill cannot execute code at install time or at runtime beyond directing the LLM to make HTTP requests to the documented Last.fm API.