Roon Controller

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill coherently controls Roon playback and stores a local Roon authorization token; the sensitive parts are disclosed and aligned with the stated purpose.

This appears safe for its stated purpose if you are comfortable letting the agent control Roon playback. Before installing, note that it saves a Roon token under `~/clawd/roon_config.json` and depends on the external `roonapi` Python package; keep the token file private and install dependencies from a trusted source.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may start, pause, skip, or switch playback zones when invoked for Roon control.

Why it was flagged

The skill exposes commands that can mutate Roon playback state and selected zones. This is exactly the stated purpose, but users should recognize that enabling it allows the agent to control music playback.

Skill content

python roon_controller.py play ...
python roon_controller.py pause ...
python roon_controller.py next ...
python roon_controller.py switch zonename

Recommendation

Install only if you want the agent to control Roon playback, and verify the selected zone before using commands that affect shared speakers.

What this means

Anyone with access to that local config file could potentially reuse the Roon token to control the authorized Roon extension.

Why it was flagged

The code persists the Roon authorization token and connection details locally. This supports reconnecting without repeated authorization and matches the documentation, but the token grants continued Roon control.

Skill content

CONFIG_FILE = CONFIG_DIR / "roon_config.json"
...
config = { 'core_id': self.core_id, 'token': self.token, 'selected_zone': self.selected_zone, 'host': self.host, 'port': self.port }
...
json.dump(config, f)

Recommendation

Keep `~/clawd/roon_config.json` private, use normal user-only file permissions, and revoke the extension in Roon if you no longer trust or use the skill.

What this means

A roonapi release installed later may behave differently from the version originally tested by the skill author.

Why it was flagged

The dependency is lower-bound constrained rather than pinned to an exact version. The dependency is expected for the Roon API integration, but future package versions could change behavior.

Skill content

roonapi>=0.1.6

Recommendation

Install the dependency from a trusted package source and consider pinning a known-good roonapi version if reproducibility matters.