netease-music-assistant

Warn

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses shell commands to interact with the system's cron table (crontab). It provides instructions to programmatically append new tasks to the user's cron configuration, which establishes persistence on the host machine.
      • Evidence: The skill body contains the command sequence (crontab -l 2>/dev/null; echo "分 时 * * * /usr/local/bin/node /path/to/main.js 场景") | crontab -.
  • [COMMAND_EXECUTION]: The skill relies on and executes external CLI tools and scripts from the local file system.
      • Evidence: References to the use of ncm-cli and execution of scripts via /usr/local/bin/node /path/to/main.js.
  • [DATA_EXFILTRATION]: The skill accesses local files containing sensitive user data, such as listening preferences and history, and provides a mechanism to transmit this data to external IM platforms (e.g., Feishu/Lark) using the OpenClaw tool.
      • Evidence: Accessing files in ~/.config/ncm/ and pushing recommendations to IM channels.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection because it processes untrusted metadata from an external music API and possesses high-privilege capabilities.
      • Ingestion points: Data retrieved via ncm-cli including songTag, artists, and song name fields in SKILL.md.
      • Boundary markers: Absent; there are no clear delimiters or instructions to ignore embedded commands in the processed music metadata.
      • Capability inventory: Modification of system cron jobs, local file system access/writes, and outbound network communication via IM integration tools.
      • Sanitization: While user input is validated for content safety, external metadata ingested from the music service is not sanitized or escaped before being used in prompts or logic.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 23, 2026, 08:55 AM