Skill v1.0.7

ClawScan security

SpotiClaw · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 23, 2026, 12:32 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
This is an internally consistent Spotify Web API client: it asks only for Spotify app credentials and a token cache, uses the official Spotify endpoints, and its instructions match the included code — the main user risk is storing the Spotify client secret on the agent to enable auto-refresh.
Guidance
This skill appears to do what it says: a Spotify client that needs your Spotify app credentials and a token cache. Before installing:
(1) If the agent runs on a remote or shared machine, avoid putting SPOTIFY_CLIENT_SECRET into the agent environment unless you accept that the agent can refresh tokens autonomously; instead run auth locally and copy the .spotify_cache manually.
(2) Keep the skill folder permissions restrictive so the token and any .env containing secrets aren't accessible to other users/processes.
(3) Review the included auth.py and spoticlaw.py if you have additional operational policies (they only contact Spotify endpoints).
(4) If you do not want auto-refresh, do not provide SPOTIFY_CLIENT_SECRET on the agent and re-run auth locally when tokens expire.
Finally, run this skill in an environment you control (or a least-privilege container) if you are concerned about storing client secrets or long-lived tokens on the agent.

Review Dimensions

Purpose & Capability (ok)
Name/description match the code and instructions: the package implements Spotify Web API calls and OAuth token management. Required env vars (SPOTIFY_CLIENT_ID, SPOTIFY_CLIENT_SECRET, SPOTIFY_REDIRECT_URI) and the .spotify_cache file are appropriate and expected for OAuth-based Spotify access.
Instruction Scope (note)
SKILL.md and auth.py keep network calls strictly to Spotify (accounts.spotify.com and api.spotify.com). Instructions explicitly require manual copying of the .spotify_cache token file to the agent and state 'Tokens never pass through the AI model.' Note: to enable automatic refresh the agent must have the app credentials (client secret) available, which the docs disclose; this is a deliberate tradeoff but increases the sensitive data stored on the agent.
Install Mechanism (ok)
No install spec; the dependencies (requests, python-dotenv) are standard and are listed in requirements.txt and SKILL.md. There are no downloads from untrusted hosts and no archive extraction. The code is shipped with the skill.
Credentials (note)
Requested env vars are proportional to the stated purpose. However, SPOTIFY_CLIENT_SECRET is sensitive: granting it to the agent enables automatic token refresh and therefore longer-lived API access from that machine. The code also loads a .env file if present (._env_path) and accepts SPOTIFY_CACHE_PATH, which are reasonable but mean secrets can live in files in the skill directory if the operator places them there.
Persistence & Privilege (ok)
The always flag is false and the skill does not request system-level persistence or modify other skills. The skill reads/writes only its own .spotify_cache file and optional .env; it does not change global agent configuration.