ClawHub

Last.fm (OpenClaw)

v1.0.0

Access Last.fm user profile, now playing, top tracks/artists/albums by period, loved tracks, and optionally love/unlove tracks.

0· 315·0 current·0 all-time
byMagolo Dennis Ooki@dennisooki
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Last.fm profile, now-playing, top items, love/unlove) match the declared requirements and included code. Required binaries (curl, jq) and the primary env var (LASTFM_API_KEY) are appropriate and expected for making Last.fm HTTP requests and parsing JSON.
Instruction Scope
SKILL.md instructions and the bash script stay on-scope: they validate the declared env vars, construct requests to https://ws.audioscrobbler.com/2.0/, parse responses, and enforce guardrails (no external endpoints, URL-encode inputs, respect rate limits). The instructions do not direct reading unrelated files or exfiltrating data to unexpected endpoints.
Install Mechanism
No install spec is provided (instruction-only skill with a shell script). That is low-risk and consistent with a simple curl/jq-based implementation; nothing is downloaded from arbitrary URLs or written by an installer.
Credentials
Required env vars (LASTFM_API_KEY, LASTFM_USERNAME) are minimal and proportional. Optional vars (LASTFM_SESSION_KEY, LASTFM_API_SECRET) are documented and only needed for write operations. The skill does not request unrelated credentials or config paths.
Persistence & Privilege
The skill is not marked always:true, does not claim to modify other skills or system settings, and has no install hooks. It can be invoked by agents (normal default), but it does not request elevated or persistent privileges beyond its own config.
Assessment
This skill appears to do what it says, but the package source is 'unknown'—before installing, consider: (1) verify the skill's origin or inspect scripts/lastfm-api.sh yourself (it is included and readable); (2) only provide LASTFM_API_KEY and LASTFM_USERNAME unless you need write ops—LASTFM_SESSION_KEY and LASTFM_API_SECRET are long-lived and should be treated as secrets (do not commit them to repositories); (3) the script issues API calls that include your api_key in the request URL (normal for Last.fm) — if you are worried about local process visibility or audit logs, be aware of that; (4) if you enable autonomous agent invocation, review agent permissions/policies so it cannot call skills without your intent; and (5) revoke the session key in Last.fm settings if you suspect misuse.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis
Binscurl, jq
EnvLASTFM_API_KEY, LASTFM_USERNAME
Primary envLASTFM_API_KEY
latestvk97dddww426h3hgf2ncxc4j9yn81x9gk
315downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
Magolo Dennis Ooki@dennisooki
latest
Download

Last.fm Profile Skill

Retrieves Last.fm user listening data including now playing, top tracks/artists/albums by time period, and loved tracks. Optionally supports write operations (love/unlove tracks, scrobble) when LASTFM_SESSION_KEY is configured.

Required Environment Variables

Optional Environment Variables

  • LASTFM_SESSION_KEY: Required for write operations (love/unlove, scrobble)
  • LASTFM_API_SECRET: Required to sign write operations (love/unlove, scrobble)

Workflow

  1. Validate required environment variables are present
  2. Ensure dependencies (jq, curl) are available
  3. Determine which command the user is requesting
  4. Determine which command the user is requesting
  5. Construct API request to ws.audioscrobbler.com/2.0/
  6. Execute HTTP GET request with appropriate method and parameters
  7. Parse JSON response and format for user

Supported Commands

Read Operations (No Auth Required)

CommandDescriptionExample
now-playing, npCurrent or most recent track/lastfm np
top-tracks [period]Top tracks by period/lastfm top-tracks 7day
top-artists [period]Top artists by period/lastfm top-artists 1month
top-albums [period]Top albums by period/lastfm top-albums overall
lovedLoved tracks/lastfm loved
recent [limit]Recent tracks (default 10)/lastfm recent 20
profileUser profile info/lastfm profile

Time Periods

  • 7day - Last 7 days
  • 1month - Last 30 days
  • 3month - Last 90 days
  • 6month - Last 180 days
  • 12month - Last year
  • overall - All time (default if not specified)

Write Operations (Auth Required)

CommandDescriptionExample
love <artist> <track>Love a track/lastfm love "Radiohead" "Creep"
unlove <artist> <track>Unlove a track/lastfm unlove "Radiohead" "Creep"

API Request Construction

Base URL: https://ws.audioscrobbler.com/2.0/

Required parameters for all requests:

  • api_key: Value from LASTFM_API_KEY
  • format: json
  • method: API method name

User-specific requests also require:

  • user: Value from LASTFM_USERNAME

Method Parameters

MethodAdditional Parameters
user.getInfouser
user.getRecentTracksuser, limit (optional)
user.getTopTracksuser, period (optional)
user.getTopArtistsuser, period (optional)
user.getTopAlbumsuser, period (optional)
user.getLovedTracksuser
track.loveartist, track, sk (session key)
track.unloveartist, track, sk (session key)

Response Parsing

Now Playing Response

Extract from recenttracks.track[0]:

  • If @attr.nowplaying === "true": currently playing
  • artist.#text - Artist name
  • name - Track name
  • album.#text - Album name

Top Items Response

Extract array from:

  • toptracks.track[] for top tracks
  • topartists.artist[] for top artists
  • topalbums.album[] for top albums

Each item includes:

  • name - Item name
  • playcount - Play count
  • artist.name - Artist (for tracks/albums)
  • @attr.rank - Position in chart

Profile Response

Extract from user:

  • name - Username
  • realname - Real name (if set)
  • playcount - Total scrobbles
  • country - Country
  • registered - Account creation date
  • url - Profile URL

Guardrails

  • Never log or expose API keys or session keys in output
  • Rate limit: respect Last.fm's 5 requests/second limit
  • Write operations must fail gracefully if LASTFM_SESSION_KEY not set
  • All user inputs must be URL-encoded before API calls
  • Only connect to ws.audioscrobbler.com - no external endpoints
  • Handle missing data gracefully (e.g., no now playing, empty loved tracks)
  • Validate period parameter is one of: 7day, 1month, 3month, 6month, 12month, overall
  • Validate recent limit is numeric and within 1–200

Error Handling

Error CodeMeaningAction
10Invalid API keyTell user to check LASTFM_API_KEY
6Invalid parametersCheck required params are present
29Rate limit exceededWait and retry, inform user
26Suspended API keyDirect user to Last.fm support
4Authentication failedCheck session key for write ops

Example Output Formats

Now Playing

🎵 Now Playing:
"Track Name" by Artist Name
from Album Name

Or if not currently playing:

🎵 Last Played:
"Track Name" by Artist Name
Listened: [timestamp]

Top Tracks

🎵 Top Tracks (7 days):

1. "Track One" by Artist One (42 plays)
2. "Track Two" by Artist Two (38 plays)
3. "Track Three" by Artist Three (31 plays)
...

Profile

🎵 Last.fm Profile: username

📊 15,432 total scrobbles
🌍 United Kingdom
📅 Member since: Nov 2002
🔗 last.fm/user/username

Setup Instructions

  1. Get a Last.fm API key at https://www.last.fm/api/account/create
  2. Add to ~/.openclaw/openclaw.json:
{
  skills: {
    entries: {
      lastfm: {
        enabled: true,
        env: {
          LASTFM_API_KEY: "your_api_key_here",
          LASTFM_USERNAME: "your_username"
        }
      }
    }
  }
}
  1. For write operations, see {baseDir}/references/auth-guide.md

Comments

Loading comments...