Skill v1.0.3
ClawScan security
ClawSpotify · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 1, 2026, 9:54 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill implements the advertised Spotify controls, but it requires you to extract and store browser session cookies and to install an unvetted third‑party SpotAPI implementation — a supply‑chain / credential‑sensitivity concern that you should review before installing.
- Guidance
- This skill appears to do what it says, but it uses an unofficial auth method (copying the sp_dc and sp_key browser cookies) and installs a custom SpotAPI library from a personal GitHub repo. Before installing:
  - (1) Inspect the SpotAPI and spotify.py source yourself (or use a trusted fork) to ensure nothing exfiltrates stored cookies.
  - (2) Treat sp_dc/sp_key as sensitive: do not paste them into untrusted terminals or share them.
  - (3) Restrict permissions on ~/.config/spotapi/session.json (e.g., chmod 600).
  - (4) Prefer an official OAuth flow or a disposable/test Spotify account if possible.
  - (5) Consider running the skill in an isolated environment (container or dedicated VM) if you're uncomfortable with installing third-party code on your main system.
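The script below is an added example, not code from ClawSpotify, SpotAPI or ClawHub. It turns steps (1) and (3) of the guidance into repeatable checks you can run after cloning the two repositories and before `pip install -e`: it lists every hostname that appears in a literal http(s) URL in the Python sources and flags any that is not on a Spotify-owned domain, and it forces owner-only permissions on the session file. The allow-list of Spotify hostnames, the repository and session-file paths, and the GNU/BSD `stat` fallback are assumptions.

```shell
#!/bin/sh
# Added example (not part of ClawSpotify or SpotAPI): pre-install triage for a
# skill that stores browser session cookies. Paths and allow-list are assumptions.

# Print every hostname referenced by a literal http(s) URL in *.py under $1.
# Assumption: URLs are string literals; hosts assembled at runtime or loaded
# from config are not seen, so a clean result is a triage aid, not a proof.
extract_hosts() {
    dir="$1"
    find "$dir" -name '*.py' -type f -exec cat {} + 2>/dev/null \
        | grep -oE 'https?://[A-Za-z0-9.-]+' \
        | sed -E 's#https?://##' \
        | sort -u
}

# Echo hosts outside the Spotify allow-list; return 1 if any were found.
# The allow-list is an assumption: extend it only after reading the code
# that talks to the extra host.
flag_foreign_hosts() {
    dir="$1"
    found=0
    for h in $(extract_hosts "$dir"); do
        case "$h" in
            *.spotify.com|spotify.com|*.scdn.co) ;;   # expected Spotify endpoints
            *) echo "foreign host: $h"; found=1 ;;
        esac
    done
    return "$found"
}

# Step (3): make the session file readable only by its owner.
# Returns 0 when the file ends up mode 600, 1 if it does not exist.
lock_session_file() {
    f="$1"
    [ -f "$f" ] || return 1
    chmod 600 "$f"
    # GNU stat first, BSD/macOS stat as fallback (assumed to be the two in use).
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    [ "$mode" = "600" ]
}

# Typical use after cloning (paths are assumptions):
#   flag_foreign_hosts "$HOME/src/SpotAPI" && flag_foreign_hosts "$HOME/src/ClawSpotify"
#   clawspotify setup && lock_session_file "$HOME/.config/spotapi/session.json"
```

A flagged host is a prompt to open the file that references it and read what is sent there, not evidence of exfiltration on its own; conversely, an empty result does not clear code that builds its destination at runtime, so it complements rather than replaces reading the source.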
Review Dimensions
- Purpose & Capability
- note: Name/description match the code and commands: the Python CLI and wrapper implement playback, search, queue, volume, etc. Requiring bash and python3 is reasonable. The one unusual design choice is authenticating via browser session cookies (sp_dc and sp_key) instead of an official OAuth flow; it is coherent with the stated goal but notable and sensitive.
- Instruction Scope
- note: SKILL.md and the CLI ask you to copy sp_dc and sp_key from the browser DevTools and run 'clawspotify setup' to write them to ~/.config/spotapi/session.json. The instructions do not ask to read unrelated files or network endpoints, but they explicitly instruct the user to extract and persist sensitive session cookies (the browser's long-lived Spotify login session, which amounts to full access to the account rather than a scoped token) that could be replayed or exfiltrated if the installed code or environment is compromised.
- Install Mechanism
- note: There is no registry install spec; the installation instructions clone two GitHub repos (ClawSpotify and a custom SpotAPI by the same author) and install the SpotAPI checkout with pip in editable mode. Downloading and running third-party code from a personal GitHub account is traceable but unvetted and therefore a supply-chain risk: expected for this approach, but review the code before proceeding, and note that an editable install of a clone tracks whatever the repo contains, so check out a specific commit you have read rather than the branch head.
- Credentials
- note: The skill does not request environment variables or unrelated credentials. It does, however, require you to supply and persist sensitive Spotify session cookies (sp_dc, sp_key) in a local config file. That is proportionate to the technique chosen (cookie-based auth) but sensitive; treat those values like passwords and verify the code that stores and uses them.
- Persistence & Privilege
- ok: Skill does not request elevated privileges, does not set always:true, and only writes its own config/session file and a virtualenv as documented. This level of persistence is typical and within the scope of a CLI skill.
