last.fm
PassAudited by ClawScan on May 1, 2026.
Overview
This is a simple instruction-only Last.fm API reference skill; it is purpose-aligned, but users should be aware it requires a Last.fm API key and can retrieve user listening/profile data.
This skill appears benign and aligned with its Last.fm lookup purpose. Before installing or using it, be prepared to protect your Last.fm API key and avoid querying or sharing user listening history unless you have permission.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may need to provide a Last.fm API key, which should be kept private and not pasted into public chats, logs, or shared outputs.
The skill requires a Last.fm API key, while the registry metadata declares no required credentials. This is expected for a Last.fm API skill, but users should notice the credential requirement.
## Requirements - Last.fm API Key
Use a dedicated Last.fm API key where possible, avoid exposing it in shared conversations or URLs, and rotate it if it is accidentally disclosed.
Requests may reveal or retrieve Last.fm usernames, listening history, timestamps, and public profile details.
The skill can query Last.fm for user listening activity and profile-related data through an external provider API. This is disclosed and purpose-aligned, but it may involve personal music-listening information.
Get the list of recently scrobbled tracks by a user, including timestamps and “now playing” status.
Only query accounts you are authorized to inspect, avoid sharing sensitive listening data unintentionally, and be mindful that API requests go to Last.fm.