Last.fm (OpenClaw)

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Last.fm integration that reads listening data and can optionally love or unlove tracks when the user provides write credentials.

Safe for normal Last.fm read-only use with an API key and username. Add LASTFM_SESSION_KEY and LASTFM_API_SECRET only if you want the agent to change your loved tracks, and keep those credentials out of repositories, shared logs, backups, and synced dotfiles where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Severity: Low
Confidence: 86%

Finding: The README documents `love` and `unlove` as available commands, but it does not explicitly warn that these operations change the user's Last.fm account state. In an agent setting, insufficient emphasis on side effects can lead to unintended state-changing actions if a user or upstream workflow assumes all documented commands are read-only.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The guide instructs users to place a long-lived API secret and session key directly into a local JSON config file, but does not discuss plaintext-at-rest risk, file permissions, or use of a system secret store. If that file is exposed through local compromise, backups, dotfile syncing, or accidental sharing, an attacker can reuse the credentials to perform authenticated Last.fm write actions as the user.

VirusTotal

66/66 vendors flagged this skill as clean.