Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Spotify

v2.0.1

Full Spotify Premium control + music analysis. Playback: play/pause/next/prev/volume/shuffle/queue. Analysis: top tracks, top artists, liked songs, genre pro...

by Mixx (@mixx85)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign

OpenClaw: Suspicious (high confidence)

Purpose & Capability
The SKILL.md describes a local script (~/.openclaw/scripts/spotify.py) that provides full Spotify control and uses macOS Keychain for credentials, but the registry bundle contains no code and no declared OS restriction. The described capabilities (auto-launching Spotify, keychain access, local script execution) are plausible for a Spotify helper, but the skill does not include the script or clearly declare that macOS and a local script are required.
Instruction Scope
Runtime instructions explicitly demand executing a local script path and adding client_id/client_secret to the macOS Keychain. The skill tells the agent to 'ALWAYS run python3 ~/.openclaw/scripts/spotify.py [cmd]' which gives the agent permission to execute arbitrary local code that is not supplied with the skill. The instructions also direct storing secrets with the macOS security CLI — credential handling is present but not declared in the registry metadata.
Install Mechanism
The registry lists no install spec and there are no code files, yet the SKILL.md metadata includes an install entry for the pip package 'spotipy'. Spotipy is a reasonable dependency, but it does not provide the referenced local script. This mismatch (no install, no code, but instructions that require a script) is inconsistent and increases risk because the expected script could come from an unverified external source or require manual installation steps not documented in the registry.
Credentials
The skill requires Spotify client_id/client_secret stored in macOS Keychain (instructions show using 'security add-generic-password'), but the registry metadata lists no required credentials or primaryEnv. Asking for client credentials is proportionate to the task, but the absence of declared credential requirements and OS restriction is a misalignment and could lead to unexpected secret storage/exposure if the script's behavior is not audited.
Persistence & Privilege
Although always:false and no autonomous elevation flags are set, the instruction to always execute a local script (which the skill does not ship) effectively grants the agent permission to run arbitrary local code whenever invoked. That creates a potentially large blast radius if the referenced script is malicious or replaced — a persistent implicit dependency without provenance is risky.
What to consider before installing
Do not install or run this skill without verifying the missing pieces. Specifically: (1) confirm the repository/source actually provides ~/.openclaw/scripts/spotify.py and inspect its source code to ensure it only does the expected Spotify API and app-control actions, (2) verify the install steps (how the script gets installed) and prefer an explicit, packaged install procedure rather than ad hoc local scripts, (3) be aware this is macOS-specific (uses Keychain and likely AppleScript) — the registry did not declare an OS restriction, (4) only add your Spotify client_id/client_secret to Keychain after auditing the script so you know keys won't be exfiltrated, and (5) request the publisher add explicit install metadata, declare required credentials/OS, or bundle the script so you can review it. If you cannot verify the script/source, treat this skill as unsafe to use.


Runtime requirements: 🎵 Clawdis