music

SUSPICIOUS. The core music-generation behavior is coherent, but the trust model is not: the skill centers on an unverifiable listenhub binary, references auto-install/auto-login, and sits in an ecosystem that uses transitive skill installation. Data flows are broadly proportional to music generation, but the opaque CLI provenance and hidden auth/install path materially raise risk.