ClawHub
Back to skill

Security audit

Spotify-Linux

Security checks across malware telemetry and agentic risk

Overview

This skill is a narrowly scoped Spotify-on-Linux controller, but users should expect it to launch Spotify, change playback, and leave the Spotify app running.

Install this only on a Linux desktop where you want OpenClaw to control Spotify. Be aware that playing a URI starts audio immediately, volume can be changed, and Spotify may remain running after the agent task ends; close Spotify manually if you do not want it to persist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Vague Triggers

Medium
Confidence
93% confidence
Finding
The activation description is broad enough to match general Spotify playback requests, which can cause the skill to be selected for actions that immediately affect a live desktop session. In this context, the skill can launch Spotify and issue playback commands, so over-broad routing increases the chance of unintended media control or audio playback.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill documents that OpenUri starts playback immediately, but it does not present this as a user-facing warning or require confirmation before execution. That makes accidental audio playback more likely, especially when a search result is converted directly into a track URI and sent to Spotify.

Session Persistence

Medium
Category
Rogue Agent
Content
# 1. Discover Xauthority path
XAUTHORITY=$(ps aux | grep -E 'Xwayland|Xorg' | grep -oP '\-auth \S+' | head -1 | cut -d' ' -f2)

# 2. Launch with setsid (fully detached, survives agent restarts)
DISPLAY=:0 XAUTHORITY="$XAUTHORITY" setsid -f spotify >/dev/null 2>&1

# 3. Wait for DBus registration (Spotify needs ~5-8 seconds)
Confidence
91% confidence
Finding
setsid

Session Persistence

Medium
Category
Rogue Agent
Content
XAUTHORITY=$(ps aux | grep -E 'Xwayland|Xorg' | grep -oP '\-auth \S+' | head -1 | cut -d' ' -f2)

# 2. Launch with setsid (fully detached, survives agent restarts)
DISPLAY=:0 XAUTHORITY="$XAUTHORITY" setsid -f spotify >/dev/null 2>&1

# 3. Wait for DBus registration (Spotify needs ~5-8 seconds)
for i in $(seq 1 10); do
Confidence
90% confidence
Finding
setsid

Session Persistence

Medium
Category
Rogue Agent
Content
done
```

Key: `setsid -f` puts Spotify in its own session, independent of the launching process tree. Without it, `nohup &` still binds the process to the same session and it dies when the parent session terminates.

## 2. Search and Play a Track
Confidence
88% confidence
Finding
setsid

Session Persistence

Medium
Category
Rogue Agent
Content
done
```

Key: `setsid -f` puts Spotify in its own session, independent of the launching process tree. Without it, `nohup &` still binds the process to the same session and it dies when the parent session terminates.

## 2. Search and Play a Track
Confidence
88% confidence
Finding
nohup

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.