suspicious.install_untrusted_source
- Location
- config.json:7
- Finding
- Install source points to URL shortener or raw IP.
Advisory
Audited by static analysis on May 10, 2026.
Detected: suspicious.install_untrusted_source
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized with these scopes, the skill could make visible or persistent changes to the user's Spotify account, including playback state, saved library, and playlists.
These OAuth scopes allow modifying playback, the user's library, and private/public playlists. The stated capability covers Spotify recommendations and playback, but the provided instructions do not clearly bound when library or public playlist changes may occur.
"scopes": ["user-read-playback-state", "user-modify-playback-state", ... "user-library-modify", "playlist-modify-private", "playlist-modify-public", "user-top-read"]
Use the smallest Spotify scopes needed for the chosen workflow, split read-only and write-capable modes, and require explicit user confirmation before any library or playlist modification.
A user or agent invoking the queue action can alter the active Spotify queue.
The recommendation helper can invoke the playback control script to add recommended tracks to the Spotify queue. This matches the playback/recommendation purpose, but it is still an account-state-changing action.
if args.action == "queue": ... "playback_control.py", "queue_add", "--query", name or ""
Treat queue/playback actions as write actions and confirm the target device and number of tracks before running them.
Anyone with access to the local files may learn listening history or potentially reuse stored Spotify tokens.
The skill persists OAuth tokens and a local SQLite knowledge/history store. This is disclosed and aligned with recommendations and feedback, but it contains sensitive account and listening-behavior data.
local-storage:
 - data/tokens.json
 - data/spotify-intelligence.sqlite
... Stores OAuth tokens locally on the host
Store the data directory securely, avoid sharing it, and provide clear cleanup or token-revocation guidance.