whatisxlistening.to
Verdict: Suspicious. Audited by ClawScan on May 10, 2026.
Overview
This is advertised as a Last.fm dashboard skill, but the visible package includes a broader personal-agent workspace with exposed credentials and unrelated automation, memory-sync, update, and location-tracking capabilities.
Do not install this package as-is. Wait for a clean release containing only the whatisxlistening-to Last.fm dashboard files, with exposed secrets removed and rotated, required environment variables declared, and unrelated auto-update, memory-sync, UI-automation, and location-tracking materials excluded.
Findings (7)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1: Workspace inventory bundled instead of a scoped skill
Impact: A user installing a music dashboard could unintentionally receive unrelated agent behavior, scripts, and documentation with much broader authority.
Description: The top-level artifact for the evaluated skill is a workspace inventory, not a scoped whatisxlistening-to skill file; it shows unrelated local skills bundled or referenced in the package.
Evidence (quoted from the package): ## Local / Unpublished ... `auto-updater` ... `findmy-location` ... `second-brain` ... `self-improving-agent`
Recommendation: Repackage only the whatisxlistening-to skill files with its own current SKILL.md, and remove workspace-level files before publishing.
Finding 2: Exposed CouchDB admin credentials
Impact: Anyone with access to the package could use these credentials to access or alter private synced notes if the service is reachable.
Description: The artifact exposes live-looking CouchDB admin credentials for a private Obsidian/brain-sync database, unrelated to the declared Last.fm purpose.
Evidence (quoted from the package): Admin User: `admin` - Admin Password: `97gYy7MzaxFMvI0IuyOJ5khu` - Database: `obsidian`
Recommendation: Remove the credentials from the package, rotate the CouchDB password immediately, and use a secret manager or environment variables instead.
Finding 3: Undeclared Keychain credential used to mutate remote memories
Impact: If invoked, the agent could use a local account credential to mutate a remote knowledge store outside the user’s music-dashboard request.
Description: This bundled script reads a local Keychain credential and can create, update, or delete remote Ensue memories, but the evaluated skill metadata declares no credentials and this is not needed for Last.fm.
Evidence (quoted from the package): API_KEY=$(security find-generic-password -a "clawdbot" -s "ensue-api-key" -w 2>/dev/null || true) ... create_memory ... update_memory ... delete_memory
Recommendation: Remove this script from the skill package, or make it a separate clearly declared integration with explicit user approval and scoped credentials.
Finding 4: Knowledge-base sync to a remote memory service
Impact: Private notes or agent memory could be copied into persistent remote memory and later reused as context beyond the original task.
Description: The script scans local Obsidian knowledge files and pushes selected note contents into a remote embedded memory service; this broad persistent knowledge sync is unrelated to Last.fm.
Evidence (quoted from the package): find "$OBSIDIAN_VAULT/Knowledge" -name "*.md" -type f ... grep -q "ensue_sync: *true" ... create_memory ... "embed":true
Recommendation: Exclude memory-sync code from this skill, and require explicit path limits, approval, retention rules, and clear disclosure for any knowledge-base synchronization.
Finding 5: Autonomous daily update of the agent and all skills
Impact: A background job could change installed agent code and skills without per-update review, affecting future behavior across tasks.
Description: The package includes instructions for persistent autonomous updates of the agent and all installed skills, which is outside the stated Last.fm dashboard purpose.
Evidence (quoted from the package): This skill sets up a daily cron job that: ... Updates Clawdbot itself ... Updates all installed skills (via `clawdhub update --all`)
Recommendation: Do not bundle auto-update behavior with this skill; make it a separate opt-in skill with dry-run review and clear rollback guidance.
Finding 6: Unauthenticated local HTTP API for UI clicks and keystrokes
Impact: If set up, any local process or agent able to call localhost:9090 could click or type into applications on the user’s Mac.
Description: The documentation provides a local HTTP API for UI clicks and keystrokes with Accessibility privileges; this is powerful system automation and unrelated to a Last.fm dashboard.
Evidence (quoted from the package): server:setPort(9090) ... path == "/type" ... hs.eventtap.keyStrokes(data.text) ... path == "/key" ... hs.eventtap.keyStroke(data.modifiers or {}, data.key)
Recommendation: Do not install or enable this UI automation as part of the Last.fm skill; if needed separately, add authentication, narrow commands, and require user approval for sensitive actions.
Finding 7: Bundled Find My location-tracking skill
Impact: A music-dashboard install could expose the agent to contact-location workflows and Apple account context the user did not expect.
Description: The package includes an unrelated Find My location-tracking skill that depends on Apple account access and sensitive physical-location data.
Evidence (quoted from the package): Track shared contacts via Apple Find My with street-corner accuracy. ... iCloud account signed in on your Mac ... Location sharing enabled
Recommendation: Remove the Find My skill from this package and publish it separately with explicit privacy warnings, permission requirements, and user-directed invocation.
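The recommendations across these findings reduce to three pre-install checks on a skill package: no literal secrets in docs or config, every referenced environment variable declared, and no scripts carrying capabilities the skill's stated purpose does not need. The following is an added example, not ClawScan's tooling or any code from the package; the regular expressions, file names and sample file contents are constructed for illustration and are not derived from the real artifact.

```python
"""Pre-install lint for an agent skill package (added example, not ClawScan's
or the package's own code). Flags hardcoded secrets, environment variables that
are referenced but not declared, and capability signals that are out of scope
for a Last.fm dashboard. Patterns and sample contents are constructed."""
from __future__ import annotations

import re
from dataclasses import dataclass
from pathlib import Path

# "key: value" / "key=value" where the value is a literal, not a $reference.
SECRET_RE = re.compile(
    r"(?i)\b(password|passwd|api[_-]?key|secret|token)\b\s*[:=]\s*`?(?!\$)([^\s`]{8,})"
)
# Shell-style references such as $OBSIDIAN_VAULT or ${LASTFM_USER}.
ENV_RE = re.compile(r"\$\{?([A-Z][A-Z0-9_]{2,})\}?")
# Signals of behaviour a music dashboard has no reason to ship (constructed list).
CAPABILITY_RES = [
    (re.compile(r"security find-generic-password"), "reads a macOS Keychain credential"),
    (re.compile(r"\b(cron|crontab|launchctl)\b"), "installs a persistent scheduled job"),
    (re.compile(r"clawdhub update"), "auto-updates the agent or installed skills"),
    (re.compile(r"hs\.eventtap\.|setPort\("), "exposes a local UI-automation endpoint"),
    (re.compile(r"(?i)find\s?my"), "depends on physical location tracking"),
    (re.compile(r"\b(create|update|delete)_memory\b"), "mutates a remote memory store"),
]
TEXT_SUFFIXES = {".md", ".sh", ".lua", ".json", ".yaml", ".yml", ".txt", ".env"}


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    kind: str   # hardcoded-secret | undeclared-env | out-of-scope-capability
    detail: str


def scan_text(path: str, text: str, declared_env: set[str]) -> list[Finding]:
    """Return findings for one file's contents."""
    findings: list[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = SECRET_RE.search(line)
        if m:
            # Report the key name and value length only; never echo the secret.
            findings.append(Finding(path, lineno, "hardcoded-secret",
                                    f"{m.group(1)} ({len(m.group(2))} chars)"))
        for name in ENV_RE.findall(line):
            if name not in declared_env:
                findings.append(Finding(path, lineno, "undeclared-env", name))
        for rx, why in CAPABILITY_RES:
            if rx.search(line):
                findings.append(Finding(path, lineno, "out-of-scope-capability", why))
    return findings


def scan_package(root: str, declared_env: set[str]) -> list[Finding]:
    """Walk an unpacked skill directory on disk and scan its text files."""
    base = Path(root)
    findings: list[Finding] = []
    for p in sorted(base.rglob("*")):
        if p.is_file() and p.suffix in TEXT_SUFFIXES:
            findings.extend(scan_text(str(p.relative_to(base)),
                                      p.read_text(errors="replace"), declared_env))
    return findings


def verdict(findings: list[Finding]) -> str:
    """Any finding blocks installation until the package is cleaned up."""
    return "blocked" if findings else "clean"


# Constructed sample package mirroring the kinds of files the audit describes.
SAMPLE_FILES = {
    "SKILL.md": "# whatisxlistening-to\nUses $LASTFM_API_KEY and $LASTFM_USER.\n",
    "brain-sync/README.md": "Admin Password: `EXAMPLE-NOT-A-REAL-SECRET-1234`\nDatabase: `obsidian`\n",
    "ensue/sync.sh": (
        'API_KEY=$(security find-generic-password -a "bot" -s "ensue-api-key" -w)\n'
        'find "$OBSIDIAN_VAULT/Knowledge" -name "*.md" | while read f; do create_memory "$f"; done\n'
    ),
    "ui/server.lua": "server:setPort(9090)\nhs.eventtap.keyStrokes(data.text)\n",
}
DECLARED_ENV = {"LASTFM_API_KEY", "LASTFM_USER"}   # what a clean manifest would declare


def review_sample() -> list[Finding]:
    """Scan the constructed sample as if it were an unpacked package."""
    out: list[Finding] = []
    for path, text in SAMPLE_FILES.items():
        out.extend(scan_text(path, text, DECLARED_ENV))
    return out


if __name__ == "__main__":
    fs = review_sample()
    for f in fs:
        print(f"{f.path}:{f.line} [{f.kind}] {f.detail}")
    print("verdict:", verdict(fs))
```

Only the scoped SKILL.md comes back clean; every other sample file trips at least one check, which is the outcome the overview's "do not install as-is" verdict describes. For a real review, point scan_package at the unpacked directory and pass the environment variables the manifest actually declares.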
