ClawHub

Apple Media Officialpm 0.1.1

v1.0.0

Discover and control Apple media/AirPlay devices (HomePod, Apple TV, AirPlay speakers) from macOS. Use when you want to scan for AirPlay devices, map names→I...

0· 133·0 current·0 all-time
by@durtydhiana
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill's code and SKILL.md align with the stated purpose: scanning AirPlay/Apple TV devices and delegating speaker control to Airfoil. Minor mismatch: the registry metadata declares no required binaries/env but the instructions and scripts require external tools (pipx + pyatv/atvremote, node for JSON parsing, Airfoil and a separate airfoil skill script). Those dependencies are reasonable for the described functionality but are not declared in the top-level requirements.
Instruction Scope
Instructions and bundled scripts limit themselves to local network scanning (atvremote scan), parsing scan output, and delegating to an airfoil control script. The Node parser reads stdin or a local file and does not execute shell commands. The scripts do not read unrelated system files or attempt to exfiltrate data to external endpoints.
Install Mechanism
There is no install spec; this is an instruction-and-script bundle. The README suggests installing pyatv via pipx and Airfoil via Homebrew/Cask. No remote download/install URLs are embedded in the skill files themselves.
Credentials
The skill requests no environment variables or credentials and the code does not attempt to access secrets. It will surface local IPs from network scans (expected behavior) and may require pairing/auth for some devices, which is normal for pyatv usage.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and contains only helper scripts; it does not persist credentials or modify system-wide agent settings.
Assessment
This skill is coherent with its description but requires several external tools that are not enforced in the registry metadata—install pipx + pyatv (atvremote), Node.js (for scan-json.js), and Airfoil (and ensure the referenced ../airfoil/airfoil.sh exists). Before running: (1) review the sibling airfoil script to ensure it behaves as you expect, (2) run scans on a trusted/local network because they enumerate local IPs and device identifiers, and (3) be prepared to perform device pairing (pyatv may prompt for credentials) — no secrets are sent by the skill itself. If you want stronger guarantees, ask the author to declare required binaries in the skill metadata and to include or link the expected airfoil helper script location.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bdt5zf07cb1qw69k8tqn5z9835dmd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments