ClawHub

sonos

v1.0.0

Control Sonos speakers (discover/status/play/volume/group).

1· 2.3k·16 current·17 all-time
by@maddydci45-svg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the declared requirements: the skill requires the 'sonos' CLI binary and the SKILL.md shows commands to control Sonos speakers (discover/status/play/volume/group). The go install target (github.com/steipete/sonoscli/...) is the expected upstream for a sonos CLI.
Instruction Scope
Runtime instructions are limited to invoking the local 'sonos' CLI against devices on the local network and an optional Spotify Web API search (which is clearly documented as requiring SPOTIFY_CLIENT_ID/SECRET). The SKILL.md does not instruct the agent to read unrelated files, environment variables, or exfiltrate data.
Install Mechanism
Install uses a public Go module (github.com/steipete/sonoscli/cmd/sonos@latest) to build/install the 'sonos' binary. This is a typical approach but carries the usual moderate risk of fetching/building third‑party code at install time — not immediately suspicious but worth verifying the upstream repo before installing.
Credentials
No required environment variables or credentials are declared. The SKILL.md documents optional SPOTIFY_CLIENT_ID/SECRET for Spotify Web API search — this is proportional and optional.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It will invoke a local binary (or install one) and run it; that is expected for a CLI wrapper.
Assessment
This skill appears to do what it says: control Sonos devices via the 'sonos' CLI. Before installing, you should: (1) verify the upstream Go module/repository (github.com/steipete/sonoscli) so you trust the code being fetched and built; (2) be aware the CLI will access your local network to discover/control speakers; (3) only provide SPOTIFY_CLIENT_ID/SECRET if you need Spotify search and trust the integration; and (4) if you prefer, install or audit the 'sonos' binary yourself (rather than allowing the skill to fetch/build it) to reduce supply-chain risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk97637921qvz5w7yb3sbe95sa180cw78

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔊 Clawdis
Binssonos

Install

Install sonoscli (go)
Bins: sonos
go install github.com/steipete/sonoscli/cmd/sonos@latest

Comments