Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

whatisxlistening.to

v1.3.0

Query Last.fm listening data, show now playing, sync scrobble history to local DB, and deploy a personal "now playing" web dashboard. Use when user asks about current music, listening stats, scrobble history, or wants to set up a Last.fm dashboard.

by Benjamin Poile (@poiley) · duplicate of @poiley/lastfm-dashboard
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: stale
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The skill's name/description describe a Last.fm dashboard (sync scrobbles, now-playing UI). However the workspace includes many unrelated skills and scripts (findmy-location, brain-sync, Hammerspoon helpers, auto-updater, ClawdHub CLI, etc.). The Last.fm skill's own docs reference required environment variables (LASTFM_API_KEY, LASTFM_USERNAME) and deployment artifacts (k8s manifests), but the registry metadata declares no required env vars — a clear mismatch. Several files (brain-sync docs, ensue integration) and tools included are unrelated to a simple dashboard and give this package a much broader footprint than the name suggests.
Instruction Scope
Runtime instructions and scripts do more than query Last.fm: brain-sync.sh reads/writes a user's Obsidian vault, copies local memory files, and talks to an 'Ensue' API; ensue-api.sh reads an ENSUE_API_KEY from env or macOS Keychain; findmy-location automates the macOS Find My app (including taking screenshots) using peekaboo and Hammerspoon; Hammerspoon config starts an HTTP server on localhost:9090 to accept arbitrary click/type commands. These instructions reference many system paths (~/.hammerspoon, ~/mnt/services, ~/clawd, ~/.config) and credentials outside the stated Last.fm purpose. Several instructions and scripts would read or transmit personal data (Obsidian notes, Ensue memories, screenshots) unrelated to music data.
Install Mechanism
There is no install spec (instruction-only at registry level), which limits automatic install risk. However the repository contains runnable code (lastfm_cli.py, server.py, k8s manifests, shell scripts, tests). Running or deploying these files (e.g., running server.py or applying k8s manifests) would execute code and could create network services or cron jobs. The absence of an install spec reduces supply-chain clarity: nothing is automatically vetted or sandboxed by the registry metadata.
Credentials
Registry metadata lists no required env vars, but project docs and code expect several credentials: LASTFM_API_KEY and LASTFM_USERNAME for the Last.fm app, ENSUE_API_KEY (or keychain entry) for Ensue integration, and other files embed CouchDB admin credentials in docs. Scripts read from the macOS Keychain and system file paths. The number and sensitivity of needed credentials (API keys, admin DB password in docs) is disproportionate for a single-user Last.fm dashboard and is not declared in the registry metadata.
Persistence & Privilege
The package contains an 'auto-updater' skill and instructions for cron jobs (daily auto-update), brain-sync.sh that is intended to run periodically, and documentation about scheduling and gateway cron integration. While the skill metadata does not set always:true, the included artifacts and docs instruct creating recurring jobs and services (Hammerspoon HTTP server, a web server, Kubernetes deployment) that give the repository persistent, long-lived presence on a system and potential access to local data. This combination (background sync scripts + local HTTP control endpoints + instructions to auto-update) increases risk if you run the code without isolating it.
What to consider before installing
Do not run or deploy this package blindly. Specific things to check before installing:
- The registry metadata declares no required env vars, but the docs/code require LASTFM_API_KEY and LASTFM_USERNAME — ensure you supply only the minimal Last.fm credentials (and preferably create a scoped API key) and never reuse high-privilege secrets.
- The repository bundles unrelated tooling (Find My automation, Hammerspoon HTTP API, brain-sync that touches your Obsidian vault, an auto-updater, and k8s manifests). If you only want the Last.fm dashboard, extract and audit only the `skills/whatisxlistening-to/` files rather than installing the whole workspace.
- The docs include hardcoded infrastructure credentials (CouchDB admin user/password in brain-sync docs). Treat this as a secret leak: don't run any scripts that reference those endpoints until you confirm they are dummy/test values. Remove or rotate any leaked credentials you control.
- Inspect server.py and lastfm_cli.py for outbound network calls and data handling (where data is sent, whether it logs or posts to external endpoints). Prefer running the server inside an isolated container or VM and bind it to localhost only.
- Hammerspoon and findmy-location code can take screenshots and control the UI (click/type). Only run those on machines where you understand and accept that level of access; they require Accessibility and Screen Recording permissions on macOS.
- Avoid enabling any auto-update/cron automation until you review the auto-updater logic; auto-updaters increase risk if the update source or update process is not strictly controlled.

If you want help: I can (1) list the exact files that reference sensitive credentials, (2) summarize server.py's network behavior, or (3) produce a minimal checklist/command list to safely run the Last.fm parts inside a container.


latest: vk971x7hjxz3w2jjwrfcjp1zh1n8003vs
