Sonos Announce
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to do what it claims for Sonos announcements, but its code starts a LAN web server and builds shell commands from caller-provided paths, which needs review before use.
Review this skill before installing. If you use it, keep announcement files in a dedicated non-sensitive folder, avoid untrusted or oddly named paths, choose an unused HTTP port, and consider patching the code to use safe subprocess argument lists instead of shell commands.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or malformed audio directory path could make the agent run unintended commands on the user's machine.
media_dir is a documented caller-controlled parameter, but it is interpolated into a shell command. A crafted directory path containing quotes or shell syntax could cause unintended local command execution.
def start_http_server(media_dir=None):
    ...
    os.system(f'nohup python3 -m http.server {HTTP_PORT} --directory "{media_dir}" > /tmp/sonos_http.log 2>&1 &')
Replace os.system shell strings with subprocess calls using an argument list, validate media_dir as a real directory, and avoid passing caller-controlled text through the shell.
If another local service is using port 8888 or the configured port, the skill could terminate it unexpectedly.
The cleanup routine force-kills any process listening on the configured port and also kills matching python http.server commands, without verifying they belong to this skill.
os.system(f"lsof -ti:{HTTP_PORT} | xargs kill -9 2>/dev/null")
os.system(f"pkill -9 -f 'python3 -m http.server {HTTP_PORT}' 2>/dev/null")
Only stop the specific child process started by this skill, avoid kill -9 where possible, and warn users before killing unrelated processes by port.
Files placed in the served directory could be reachable by other devices on the same network, not just the Sonos speaker.
The skill intentionally serves a local directory over HTTP so Sonos can fetch audio. This is purpose-aligned, but it may expose all files in that directory to other devices on the LAN while the server is running.
`media_dir` | str | None | Directory where audio file is located (HTTP server will serve from here)
Use a dedicated non-sensitive media directory, avoid serving broad folders such as home or documents directories, and confirm the server is stopped after playback.
Future installs could receive a different soco version than the author tested.
The skill depends on an external Python package without a pinned version, and the registry metadata lists no install spec/source homepage. This is common for simple integrations but reduces reproducibility and provenance clarity.
pip install soco
Install dependencies from trusted package indexes and consider pinning a known-good soco version.
A mistaken invocation may interrupt or play audio across multiple Sonos groups instead of one intended room.
The skill discovers Sonos speakers and plays announcements on all group coordinators, with no visible room or speaker selection in the documented function signature.
def discover_coordinators():
    ...
    speakers = list(soco.discover())
    ...
def play_announcement(coordinators, audio_url, title=None, artist=None, media_dir=None):
    """Play announcement on all coordinators."""
Add or document speaker/room targeting and require clear user intent before broadcasting to all coordinators.
