Back to skill
Skillv1.0.1
VirusTotal security
spotify-control · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:33 AM
- Hash
- 91dff9a98e094c5f51234c7a2c7e99fd068ef9cb457c60a14cec18856d7ce7da
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: spotify-control Version: 1.0.1 The spotify-control skill provides a Python wrapper for macOS AppleScript to manage Spotify playback. It is classified as suspicious due to a command injection vulnerability in `scripts/spotify-control.py`, where the `set-volume` and `set-position` actions unsafely interpolate user-provided arguments directly into AppleScript strings. This allows for potential arbitrary code execution (e.g., using AppleScript's `do shell script` command) if a malicious value is passed to the script. No evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal