WiiM
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a straightforward WiiM speaker-control skill, with the main things to notice being its use of an external CLI package and its ability to control local-network speakers.
This skill looks reasonable for controlling WiiM speakers. Before using it, make sure you trust the external `wiim-cli` package and specify the intended speaker host when you do not want auto-discovery to choose a device.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or running the package gives that external CLI code the ability to execute locally under the user's account.
The skill relies on an external CLI package installed or run through `uv`/`uvx`; this is central to the skill's purpose, but the artifact does not pin a version or identify a trusted publisher.
uv tool install wiim-cli # Or run directly without installing uvx --from wiim-cli wiim --help
Install only if you trust the `wiim-cli` package source; consider checking its package page and pinning a known-good version.
The agent could affect the wrong local speaker if the target device is ambiguous or auto-discovered unexpectedly.
The documented commands can control playback and volume on a local speaker, and auto-discovery may select a device without an explicit IP address.
All commands accept `--host <ip>` to target a specific device. If omitted and only one device is on the network, it auto-discovers.
Specify `--host <ip>` for the intended WiiM device and ask for confirmation before disruptive actions such as changing volume or playing a new URL.