Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Spotify Playlist Curator
v1.0.3 · Create and refine Spotify playlists using the Spotify Web API, with support for track search, recent and top listening lookups, queueing selected tracks, and...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill implements Spotify playlist curation and legitimately needs Spotify OAuth credentials and access to playlists/playback; it also calls ReccoBeats and MusicBrainz (both reasonable for recommendations/genres). However, registry metadata claims 'Required env vars: none' while the code and SKILL.md clearly require SPOTIPY_CLIENT_ID / SPOTIPY_CLIENT_SECRET and a tokens file. The metadata omission is an incoherence that could mislead users about required secrets.
Instruction Scope
SKILL.md and scripts confine actions to Spotify, ReccoBeats, and MusicBrainz and to local files (creating .venv, .env, token JSON, and a MusicBrainz cache). The runtime instructs the agent to run provided CLI scripts and check status; it does not instruct scanning unrelated system files. One point to note: the code searches multiple candidate locations for credential and token files (skill root, script dir, current working dir, cwd/secrets), which expands where secrets may be read from.
Install Mechanism
There is no remote binary/install spec; installation is via the included scripts/setup.sh which creates a local virtualenv and pip-installs dependencies from requirements.txt (spotipy, requests). No downloads from untrusted URLs or extract-from-URL steps are present.
Credentials
Requested/environmental secrets are proportional to the functionality (Spotify client id/secret + OAuth tokens with playlist and playback scopes). However, the registry metadata does not declare these required env vars or primary credential, which is misleading. Also, the code will look for .env and token files in multiple paths (including cwd/secrets), increasing the chance of accidentally picking up credentials from an unexpected location.
Persistence & Privilege
The skill writes local state (virtualenv, .env placeholder if missing, spotify_tokens.json, and a .mb_cache directory) under the skill directory or other candidate paths. It does not request 'always: true', does not modify other skills, and its persistence is limited to local cache and token files — behavior consistent with an OAuth-based client.
What to consider before installing
This skill appears to implement what it claims (Spotify playlist curation) and uses reasonable external services (ReccoBeats, MusicBrainz). Before installing:
1) Be aware you must create a Spotify developer app and provide SPOTIPY_CLIENT_ID and SPOTIPY_CLIENT_SECRET; the package metadata omitted this. Treat that as a red flag and ask the publisher to correct it.
2) The auth flow will store OAuth tokens (refresh/access) to spotify_tokens.json in the skill directory or other candidate locations (cwd, secrets/). If you use a shared machine, run the skill in an isolated directory or VM and verify where tokens are written.
3) Review scripts/spotify_client.py and scripts/spotify_auth.py yourself to confirm tokens are only used locally (they are) and not exfiltrated to unknown endpoints.
4) Note the skill calls api.reccobeats.com (public recommendations) and musicbrainz.org (public genre lookups); these endpoints are expected, but verify you trust them for your privacy model.
5) If you are not comfortable giving playlist/edit and playback scopes to a third-party skill, do not install.
If possible, request that the maintainer update the registry metadata to list the required env vars and explain token storage locations. Running the skill in an isolated environment (dedicated user account or VM) and inspecting token files after auth are good safety steps.
