Spotify Openclaw
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This looks like a real Spotify helper, but it requests broad Spotify account permissions and caches an OAuth token locally, and some of the requested authority is not clearly needed for the documented commands.
Review the Spotify OAuth consent screen before authorizing. The skill is useful and purpose-aligned, but it should ideally request fewer scopes, especially if you only want playback and playlist creation. Use a dedicated Spotify developer app, keep the token cache private, and confirm playlist or playback changes before letting the agent run them.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the skill's token could allow more Spotify account access than users may expect, including modifying saved library data and accessing profile/email information.
The script requests broad Spotify OAuth scopes. The playback and playlist scopes fit the purpose, but user-library-modify and user-read-email are not clearly justified by the documented commands, which mostly read liked songs and do not appear to modify the library or use the email address.
"user-read-private", "user-read-email", "user-library-read", "user-library-modify", "playlist-modify-private", "playlist-modify-public", "user-modify-playback-state"
Remove OAuth scopes that no documented command needs, especially user-library-modify and user-read-email, and list every requested Spotify permission plainly before first authorization.
Anyone with access to the local machine or the token cache can exercise the authorized Spotify permissions; a cached refresh token keeps working without another consent prompt until the app is revoked.
The skill discloses that Spotify developer credentials are stored locally and that an OAuth token is cached after the first browser login. This is normal for a Spotify integration, but both are sensitive account-access material.
Credentials stored in macOS Keychain ... First auth (browser opens once, then token is cached)
Use a dedicated Spotify developer app, review the OAuth consent screen carefully, keep the token cache readable only by your own user, and revoke the app in your Spotify account settings if you stop using the skill; revocation also invalidates the cached token.
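The two findings above (over-broad scopes, and a locally cached token) can be checked before the first authorization. The script below is an added example written for this review, not code from the skill, ClawScan or OpenClaw. It assumes hypothetical subcommand names in place of the `[cmd]` the SKILL.md shows, maps each to the scopes Spotify's Web API documentation requires for that operation, and assumes spotipy's default `.cache` file as the token-cache location; the token content it writes for the permission probe is constructed.

```python
"""Pre-authorization audit for an OAuth-based Spotify skill.

Added example, not code from the skill or from ClawScan. Assumptions:
the subcommand names are hypothetical placeholders for the documented
commands (the review only shows `[cmd]`), the command-to-scope mapping
follows Spotify's Web API scope documentation for those operations, and
the token cache is spotipy's default `.cache` file.
"""
import os
import stat
import tempfile
from pathlib import Path

# Scopes the review reports the skill requesting (copied from the evidence line).
REQUESTED_SCOPES = {
    "user-read-private", "user-read-email", "user-library-read",
    "user-library-modify", "playlist-modify-private",
    "playlist-modify-public", "user-modify-playback-state",
}

# Hypothetical subcommand -> scopes the Spotify Web API requires for it.
# Reading saved tracks needs user-library-read; creating or adding to a
# playlist needs playlist-modify-private or -public depending on the
# playlist's visibility; playback and queue control need
# user-modify-playback-state.
COMMAND_SCOPES = {
    "liked": {"user-library-read"},
    "play": {"user-modify-playback-state"},
    "queue": {"user-modify-playback-state"},
    "playlist-create": {"playlist-modify-private", "playlist-modify-public"},
    "playlist-add": {"playlist-modify-private", "playlist-modify-public"},
}


def unjustified_scopes(requested, command_scopes):
    """Requested scopes that no documented command needs.

    Each entry is authority the token carries for no documented reason and
    should be removed or justified (user-read-private, for example, is only
    needed if the script reads the account's country or subscription level).
    """
    needed = set().union(*command_scopes.values())
    return sorted(requested - needed)


def minimal_scope_string(command_scopes, commands):
    """Space-separated scope string covering only the commands you will use.

    This is the format SpotifyOAuth(scope=...) accepts, so a fork of the
    skill can request the minimum instead of the full list.
    """
    needed = set()
    for cmd in commands:
        needed |= command_scopes[cmd]
    return " ".join(sorted(needed))


def token_cache_is_private(path):
    """True if the cache is a regular file with no group/other permission bits.

    A cached refresh token is reusable by anyone who can read it until the
    app is revoked, so 0600 (or stricter) is the minimum acceptable mode.
    """
    st = os.stat(path)
    return stat.S_ISREG(st.st_mode) and (st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def probe_cache_with_mode(mode):
    """Write a constructed (fake) token cache with the given mode and check it."""
    with tempfile.TemporaryDirectory() as d:
        cache = Path(d) / ".cache"
        cache.write_text('{"access_token": "fake", "refresh_token": "fake"}')
        os.chmod(cache, mode)
        return token_cache_is_private(cache)


if __name__ == "__main__":
    # ['user-library-modify', 'user-read-email', 'user-read-private']
    print("unjustified:", unjustified_scopes(REQUESTED_SCOPES, COMMAND_SCOPES))
    # playlist-modify-private playlist-modify-public user-modify-playback-state
    print("scope for play + playlist-create:",
          minimal_scope_string(COMMAND_SCOPES, ["play", "playlist-create"]))
    print("0600 cache private:", probe_cache_with_mode(0o600))  # True
    print("0644 cache private:", probe_cache_with_mode(0o644))  # False
```

Run it against the real script's argument parser by replacing the hypothetical names in `COMMAND_SCOPES` with the actual subcommands; anything `unjustified_scopes` still returns is a scope to cut before you click through the consent screen, and a `False` from `token_cache_is_private` on the real cache path means another local account on the machine can reuse the token.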
Spotify playback or playlist changes may occur when the agent interprets a request as requiring this skill.
This instruction pushes the agent toward tool execution whenever the skill is in play. That is mostly purpose-aligned for Spotify control, but it removes the option of a text-only answer, so a misread request becomes a real account action rather than an informational reply.
> **ALWAYS run `python3 ~/.openclaw/scripts/spotify.py [cmd]`** — never respond with text only.
Confirm mutating actions such as creating playlists, adding tracks, changing playback, or queueing songs before execution, and treat any subcommand you do not recognise as mutating.
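One way to enforce that confirmation is a gate between the agent's decision to call the tool and the actual subprocess call, keyed on the subcommand rather than on the agent's description of what it intends. The code below is an added example, not part of the skill or of OpenClaw; the subcommand names are hypothetical (the SKILL.md only shows `[cmd]`), the script path is the one quoted in the review, and `confirm` stands for whatever prompt your setup uses to get explicit user approval.

```python
"""Confirmation gate for agent-issued spotify.py invocations.

Added example, not code from the skill or from OpenClaw. Assumptions:
the subcommand names are hypothetical (the review only shows `[cmd]`),
the gate sits between the agent's tool decision and the subprocess call,
and it fails closed on anything it does not recognise.
"""
import shlex
import subprocess
from pathlib import Path

# Script path as quoted in the review's evidence line.
SCRIPT = Path("~/.openclaw/scripts/spotify.py").expanduser()

# Read-only subcommands may run unattended; they only move data into the chat.
READ_ONLY = {"liked", "status", "analysis", "search"}
# Mutating subcommands change account state and need explicit user approval.
MUTATING = {"play", "pause", "queue", "playlist-create", "playlist-add"}


def classify(argv):
    """Return 'read-only', 'mutating' or 'unknown' for a spotify.py argument list.

    Classification is keyed on the first argument (the subcommand), never on
    the agent's natural-language claim about what the call will do.
    """
    if not argv:
        return "unknown"
    cmd = argv[0]
    if cmd in READ_ONLY:
        return "read-only"
    if cmd in MUTATING:
        return "mutating"
    return "unknown"


def decide(argv, confirm):
    """Return 'run', 'denied' or 'blocked' for the given argument list.

    `confirm` is a callable that shows the exact command line to the user
    and returns True only on explicit approval; it is never consulted for
    read-only commands and cannot unblock an unknown one.
    """
    kind = classify(argv)
    if kind == "read-only":
        return "run"
    if kind == "mutating":
        cmdline = shlex.join(["python3", str(SCRIPT), *argv])
        return "run" if confirm(cmdline) else "denied"
    return "blocked"  # unknown subcommand: fail closed rather than guess


def run_gated(argv, confirm):
    """Apply the gate, then execute as an argument list (no shell) if allowed."""
    decision = decide(argv, confirm)
    if decision == "run":
        subprocess.run(["python3", str(SCRIPT), *argv], check=False)
    return decision


if __name__ == "__main__":
    always_no = lambda cmdline: False
    print(decide(["liked"], always_no))                    # run
    print(decide(["playlist-create", "Mix"], always_no))   # denied
    print(decide(["rm-everything"], always_no))            # blocked
```

Wiring `run_gated` in place of a direct `python3 ~/.openclaw/scripts/spotify.py [cmd]` call keeps the skill's "always run" instruction satisfied for reads while making every write wait for a human, and an agent that invents a subcommand gets `blocked` instead of a best-effort guess.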
Future installs may receive a different Spotipy version than the author tested.
The skill depends on an external Python package installed from pip. That is expected for Spotify API access, but the artifact does not pin a package version, so each install resolves to whatever the index serves at that moment.
Python 3 + spotipy (`pip install spotipy`)
Pin a known-good Spotipy version (ideally with hashes, so pip refuses a substituted package) and install it in an isolated virtual environment rather than the system interpreter.
Your music history, liked songs, and taste profile may become visible in the chat context and any logs your OpenClaw setup keeps.
The skill intentionally retrieves private listening history and library-derived data into the agent conversation for analysis.
Analysis: top tracks & artists across 3 time periods, genre profile, liked songs breakdown.
Avoid running the analysis commands in shared sessions, and review OpenClaw's logging and memory settings if you consider your listening history private.
