ClawHub

Roon Controller

v1.0.3

Control Roon music player through Roon API with automatic Core discovery and zone filtering. Supports play/pause, next/previous track, and current track query. Automatically finds Muspi zones. Supports Chinese commands.

3· 2.2k·4 current·4 all-time
by@puterjam
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name and description (Roon control, zone filtering, basic playback) align with the included code and SKILL.md. The package depends only on the roonapi library and operates against a Roon Core on the local network. No unrelated services, binaries, or credentials are requested.
Instruction Scope
SKILL.md instructs installing roonapi and using the provided API/CLI to discover the local Roon Core, control playback, and persist settings. All instructions are scoped to Roon Core discovery, zone selection, token storage, and playback control. The instructions do reference creating/saving a local config file (~/clawd/roon_config.json), which is necessary for persistent Roon authorization.
Install Mechanism
No packaged install spec is included; SKILL.md recommends pip install roonapi and a requirements.txt is present. This is low-risk: the only dependency is a public Python package (roonapi). There are no downloads from arbitrary URLs or extract steps.
Credentials
The skill requests no environment variables or external credentials (good). It does persist an authorization token and selected zone to ~/clawd/roon_config.json; this is proportionate to the purpose (the token is how the extension authenticates to the Roon Core) but means the token is stored on disk and could be used to control the user's Roon system if the file is accessed by others.
Persistence & Privilege
The skill writes a persistent config directory in the user's home (~/.clawd) and auto-saves the Roon token and selected zone, so it retains the ability to reconnect without reauthorization. always is false and the skill does not modify other skills or system-wide settings. Persistent token storage is expected for this use case but increases the importance of securing the config file.
Assessment
This skill appears to do what it says: discover a local Roon Core and control playback. Before installing, consider: (1) The skill will create ~/clawd/roon_config.json and save the Roon authorization token there in plaintext — anyone with access to that file can control your Roon Core, so set restrictive file permissions or run under a dedicated account. (2) The skill operates on your local network only (it uses roonapi); it does not request cloud API keys or contact third-party endpoints according to the provided files. (3) The code includes a small bug (a truncated return name seen in the provided snippet) — running the tool in a controlled environment first is wise. (4) If you want stronger isolation, run the skill in a VM or dedicated user account. If you need any part of the code reviewed in full (the file was truncated in the listing), provide the complete source and I can re-check for problematic patterns.

Like a lobster shell, security has layers — review code before you run it.

latestvk971kat17zhjk16kcpjy6ct22h804nsmmusicvk971kat17zhjk16kcpjy6ct22h804nsmroonvk971kat17zhjk16kcpjy6ct22h804nsm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments