Is songsee safe?

https://clawhub.ai/steipete/songsee

90
SAFE

Songsee is a documentation-only skill that wraps a CLI tool for audio spectrogram generation. It contains no executable code, no prompt injection vectors, and no data exfiltration attempts. The only notable risk is the external Homebrew tap installation which pulls a binary outside the auditable surface. Filesystem monitoring activity is attributed to the OpenClaw platform runtime, not the skill itself.

Category Scores

Prompt Injection 95/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 80/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (4)

LOW External Homebrew tap install -10

The skill's metadata specifies installation via 'brew install steipete/tap/songsee', which pulls a binary from an author-controlled Homebrew tap. This binary is not included in the skill repository and cannot be audited here. The binary's behavior depends entirely on what the tap formula builds/downloads.

INFO Platform runtime reads sensitive-path files -20

During skill installation, the OpenClaw runtime read .env, .aws/credentials, .openclaw/openclaw.json, .profile, and .bashrc. These reads are attributed to the host platform initialization (evidenced by consistent OpenClaw config reads and JIT cache creation), not the skill itself. However, this means the platform exposes these files during the install window.

INFO No prompt injection vectors detected -5

SKILL.md contains only CLI documentation with standard flag descriptions. No instruction overrides, persona manipulation, hidden text, or external URL references found.

INFO Stdin pipe pattern is low-risk -15

The documented 'cat track.mp3 | songsee -' pattern is standard Unix CLI usage. An agent could theoretically be prompted to pipe sensitive files through songsee, but the tool only generates images from audio data and this would require explicit user/attacker instruction.