ClawHub

Spotify

v1.0.0

Terminal Spotify playback/search via spogo (preferred) or spotify_player.

1· 2k·0 current·0 all-time
by@engahmedsalah358-lgtm
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md tells the agent to use spogo (preferred) or spotify_player for search/playback, which is exactly what the skill claims. Required binaries and the brew install entries align with the stated purpose.
Instruction Scope
Instructions are scoped to Spotify playback/search. One notable action is 'spogo auth import --browser chrome', which implies importing browser cookies/credentials from the user's Chrome profile for authentication — this is relevant to the feature but is an elevated privacy action the user should expect. The skill also references config files under ~/.config/spotify-player which it may read/modify for client_id and settings.
Install Mechanism
Install uses Homebrew formulas: spogo (from the steipete/tap) and spotify_player. Brew installs are common, but the spogo formula is from a third‑party tap rather than the official core tap; that increases trust scrutiny slightly but is not inherently malicious. No downloads/extracts from arbitrary URLs are used.
Credentials
The skill requests no environment variables or external credentials beyond a Spotify Premium account, which is proportionate. The only implicit credential activity is importing browser cookies for spogo auth and reading/writing its own config folder (~/.config/spotify-player), both of which are consistent with authenticating and configuring a local Spotify CLI.
Persistence & Privilege
always is false and the skill makes no requests to modify other skills or global agent settings. The agent is allowed to invoke the skill autonomously (platform default), which is expected for skills.
Assessment
This skill appears to do what it says: control Spotify via the spogo or spotify_player CLIs. Before installing, confirm you are comfortable with: (1) installing Homebrew formulas (spogo comes from a third‑party tap — verify the tap/maintainer), (2) the auth step that may import browser cookies from Chrome (this provides authentication data to the CLI), and (3) the skill creating/reading config files under ~/.config/spotify-player. If you install, review the installed binaries and config files and revoke access if you later remove the tool. If you want stricter control, avoid running the auth import command or review its behavior first.

Like a lobster shell, security has layers — review code before you run it.

latestvk974afzr6ae81e4as7rnz8bq057zyx5h

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎵 Clawdis
Any binspogo, spotify_player

Install

Install spogo (brew)
Bins: spogo
brew install steipete/tap/spogo
Install spotify_player (brew)
Bins: spotify_player
brew install spotify_player

Comments