ClawHub

Spotify

v1.0.0

Terminal Spotify playback/search via spogo (preferred) or spotify_player.

1· 2.1k·0 current·0 all-time
by@engahmedsalah358-lgtm
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the instructions: the SKILL.md tells the agent to use spogo (preferred) or spotify_player for search/playback, which is exactly what the skill claims. Required binaries and the brew install entries align with the stated purpose.
Instruction Scope
Instructions are scoped to Spotify playback/search. One notable action is 'spogo auth import --browser chrome', which implies importing browser cookies/credentials from the user's Chrome profile for authentication — this is relevant to the feature but is an elevated privacy action the user should expect. The skill also references config files under ~/.config/spotify-player which it may read/modify for client_id and settings.
Install Mechanism
Install uses Homebrew formulas: spogo (from the steipete/tap) and spotify_player. Brew installs are common, but the spogo formula is from a third‑party tap rather than the official core tap; that increases trust scrutiny slightly but is not inherently malicious. No downloads/extracts from arbitrary URLs are used.
Credentials
The skill requests no environment variables or external credentials beyond a Spotify Premium account, which is proportionate. The only implicit credential activity is importing browser cookies for spogo auth and reading/writing its own config folder (~/.config/spotify-player), both of which are consistent with authenticating and configuring a local Spotify CLI.
Persistence & Privilege
always is false and the skill makes no requests to modify other skills or global agent settings. The agent is allowed to invoke the skill autonomously (platform default), which is expected for skills.
Assessment
This skill appears to do what it says: control Spotify via the spogo or spotify_player CLIs. Before installing, confirm you are comfortable with: (1) installing Homebrew formulas (spogo comes from a third‑party tap — verify the tap/maintainer), (2) the auth step that may import browser cookies from Chrome (this provides authentication data to the CLI), and (3) the skill creating/reading config files under ~/.config/spotify-player. If you install, review the installed binaries and config files and revoke access if you later remove the tool. If you want stricter control, avoid running the auth import command or review its behavior first.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🎵 Clawdis
Any binspogo, spotify_player

Install

Install spogo (brew)
Bins: spogo
brew install steipete/tap/spogo
Install spotify_player (brew)
Bins: spotify_player
brew install spotify_player
latestvk974afzr6ae81e4as7rnz8bq057zyx5h
2.1kdownloads
1stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@engahmedsalah358-lgtm
latest
Download

spogo / spotify_player

Use spogo (preferred) for Spotify playback/search. Fall back to spotify_player if needed.

Requirements

  • Spotify Premium account.
  • Either spogo or spotify_player installed.

spogo setup

  • Import cookies: spogo auth import --browser chrome

Common CLI commands

  • Search: spogo search track "query"
  • Playback: spogo play|pause|next|prev
  • Devices: spogo device list, spogo device set "<name|id>"
  • Status: spogo status

spotify_player commands (fallback)

  • Search: spotify_player search "query"
  • Playback: spotify_player playback play|pause|next|previous
  • Connect device: spotify_player connect
  • Like track: spotify_player like

Notes

  • Config folder: ~/.config/spotify-player (e.g., app.toml).
  • For Spotify Connect integration, set a user client_id in config.
  • TUI shortcuts are available via ? in the app.

Comments

Loading comments...