ClawHub

Spotify Player

v1.2.0

Spotify CLI for headless Linux servers. Control Spotify playback via terminal using cookie auth (no OAuth callback needed). Perfect for remote servers withou...

1· 2.4k·3 current·3 all-time
byshaharsh@shaharsha·duplicate of @shaharsha/spogo-linux
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Spotify CLI for headless servers) match the instructions: installing and using spogo, copying Spotify cookies, and optionally using browser automation to start playback. Required binaries (spogo) are appropriate.
Instruction Scope
Instructions focus on installing spogo, creating config and cookie files, and using browser fallback only to start playback. The browser automation step is described as using an isolated agent profile and only clicking Play, but this is an assertion rather than an enforced constraint—the agent is given the ability to open a browser and interact with pages, which is within scope but worth trusting explicitly.
Install Mechanism
No install spec in the registry but the SKILL.md documents 'go install' and downloading Go from go.dev — both are standard, traceable sources (GitHub and go.dev). No obscure download URLs or archive extraction from untrusted hosts are used.
Credentials
No environment variables or unrelated credentials are requested. The skill requires the user to provide two sensitive cookies (sp_dc and sp_t) stored locally — this is necessary for the cookie-auth approach but is high-sensitivity data and should be treated as secrets.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide configs. It runs on demand and uses only local config/cookie files it tells the user to create.
Assessment
This skill is coherent for controlling Spotify on headless servers, but it requires you to copy sensitive browser cookies (sp_dc and sp_t). Only proceed if you trust the spogo project and understand the risks: store the cookies in a restricted file (~/.config/spogo/cookies/) with tight permissions, avoid checking them into version control, and rotate them if you suspect compromise. Verify the spogo GitHub repository and the binary you install (go install pulls source from GitHub). Be aware that the browser fallback gives the agent the ability to open pages and click UI elements in an isolated profile—confirm your agent runtime truly isolates that profile if you need stricter guarantees. If possible, prefer standard OAuth flows on machines that can support the callback to avoid manual cookie handling.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis
Any binspogo
latestvk97a5wxc97fg970eq1g1ha0qcn83dpab
2.4kdownloads
1stars
6versions
Updated 4w ago
v1.2.0
MIT-0
shaharsh@shaharsha
latest
Download

Spogo - Spotify CLI for Linux Servers

Control Spotify from headless Linux servers using cookie-based auth. No OAuth callback needed - perfect for remote servers.

Why This Skill?

The original spotify-player skill by steipete on ClawHub assumes local browser access for cookie import (spogo auth import --browser chrome). On headless Linux servers without a local browser, this doesn't work.

This skill documents the cookie-based workaround - copy 2 browser cookies and you're done. No OAuth, no localhost needed.

Requirements

  • Spotify Premium account
  • Go 1.21+ installed
  • User's Spotify browser cookies

Installation (Linux)

1. Install Go (if not installed)

# Ubuntu/Debian
sudo apt update && sudo apt install -y golang-go

# Or download latest from https://go.dev/dl/
wget https://go.dev/dl/go1.23.4.linux-amd64.tar.gz
sudo tar -C /usr/local -xzf go1.23.4.linux-amd64.tar.gz
echo 'export PATH=$PATH:/usr/local/go/bin:~/go/bin' >> ~/.bashrc
source ~/.bashrc

2. Install spogo

go install github.com/steipete/spogo/cmd/spogo@latest

This installs to ~/go/bin/spogo. Add to PATH if needed:

echo 'export PATH=$PATH:~/go/bin' >> ~/.bashrc
source ~/.bashrc

3. Verify

spogo --version
# spogo v0.2.0

Setup (Cookie Auth)

Since OAuth requires localhost callback (impossible on remote servers), we use cookie auth instead.

1. Get cookies from browser

Have the user open DevTools → Application → Cookies → open.spotify.com and copy:

  • sp_dc - Main auth token (long string, required)
  • sp_t - Device ID (UUID format, required for playback)

2. Create config

Create ~/.config/spogo/config.toml:

default_profile = "default"

[profile.default]
cookie_path = "~/.config/spogo/cookies/default.json"
market = "IL"
language = "en"

3. Create cookies file

Create ~/.config/spogo/cookies/default.json:

[
  {
    "name": "sp_dc",
    "value": "USER_SP_DC_VALUE",
    "domain": ".spotify.com",
    "path": "/",
    "expires": "2027-01-01T00:00:00Z",
    "secure": true,
    "http_only": true
  },
  {
    "name": "sp_t",
    "value": "USER_SP_T_VALUE",
    "domain": ".spotify.com",
    "path": "/",
    "expires": "2027-01-01T00:00:00Z",
    "secure": false,
    "http_only": false
  }
]

4. Verify

spogo auth status
# → "Cookies: 2 (file)"

Commands

# Search
spogo search track "query"
spogo search track "query" --json --limit 5

# Play
spogo play spotify:track:ID
spogo play                    # Resume
spogo pause
spogo next / spogo prev

# Devices
spogo device list --json
spogo device set "DEVICE_ID"

# Status
spogo status
spogo status --json

"missing device id" Error - Browser Fallback

spogo needs an active Spotify session. If no device played recently, you can start one via the browser.

Note: This is optional and only needed when spogo device list returns no active devices. It opens open.spotify.com in the agent's isolated browser profile (not the user's personal browser). The agent only navigates to Spotify and clicks Play — no other browser state is accessed.

  1. Open track in browser:
browser open https://open.spotify.com/track/TRACK_ID profile=openclaw

  1. Click Play via browser automation

  2. Transfer to target device:

spogo device set "DEVICE_ID"

The Spotify session stays active for hours after playback.

Rate Limits

  • Connect API (default): No rate limits ✓
  • Web API (--engine web): Rate limited (429 errors)
  • For library access when rate limited → use browser automation

Troubleshooting

"missing device id"

No active Spotify session. Use browser fallback (see above) to start playback first.

"401 Unauthorized"

Cookies expired. Get fresh cookies from browser and update the JSON file.

Commands work but no sound

Check spogo device list - playback might be on wrong device. Use spogo device set "DEVICE_ID" to switch.

Security & Privacy

  • Cookie handling: sp_dc and sp_t are stored locally in ~/.config/spogo/cookies/ — treat them as secrets, never log or share them
  • Network access: spogo only communicates with Spotify APIs (api.spotify.com, open.spotify.com)
  • Browser fallback: Optional — only used when no active Spotify device exists. Uses the agent's browser profile to open open.spotify.com and click Play. This does NOT extract additional cookies or access other browser state
  • Install source: go install from the official steipete/spogo GitHub repository — open source, auditable

Notes

  • Cookie expiry: ~1 year, but may invalidate if user logs out or changes password
  • Premium required: Free accounts can't use Connect API
  • Market setting: Change market in config for correct regional availability (IL, US, etc.)

Comments

Loading comments...