ClawHub

Spotify Player

v1.2.0

Spotify CLI for headless Linux servers. Control Spotify playback via terminal using cookie auth (no OAuth callback needed). Perfect for remote servers withou...

1· 2.4k·3 current·3 all-time
byshaharsh@shaharsha·duplicate of @shaharsha/spogo-linux
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Spotify CLI for headless servers) match the instructions: installing and using spogo, copying Spotify cookies, and optionally using browser automation to start playback. Required binaries (spogo) are appropriate.
Instruction Scope
Instructions focus on installing spogo, creating config and cookie files, and using browser fallback only to start playback. The browser automation step is described as using an isolated agent profile and only clicking Play, but this is an assertion rather than an enforced constraint—the agent is given the ability to open a browser and interact with pages, which is within scope but worth trusting explicitly.
Install Mechanism
No install spec in the registry but the SKILL.md documents 'go install' and downloading Go from go.dev — both are standard, traceable sources (GitHub and go.dev). No obscure download URLs or archive extraction from untrusted hosts are used.
Credentials
No environment variables or unrelated credentials are requested. The skill requires the user to provide two sensitive cookies (sp_dc and sp_t) stored locally — this is necessary for the cookie-auth approach but is high-sensitivity data and should be treated as secrets.
Persistence & Privilege
Skill does not request always:true and does not modify other skills or system-wide configs. It runs on demand and uses only local config/cookie files it tells the user to create.
Assessment
This skill is coherent for controlling Spotify on headless servers, but it requires you to copy sensitive browser cookies (sp_dc and sp_t). Only proceed if you trust the spogo project and understand the risks: store the cookies in a restricted file (~/.config/spogo/cookies/) with tight permissions, avoid checking them into version control, and rotate them if you suspect compromise. Verify the spogo GitHub repository and the binary you install (go install pulls source from GitHub). Be aware that the browser fallback gives the agent the ability to open pages and click UI elements in an isolated profile—confirm your agent runtime truly isolates that profile if you need stricter guarantees. If possible, prefer standard OAuth flows on machines that can support the callback to avoid manual cookie handling.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a5wxc97fg970eq1g1ha0qcn83dpab

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🎵 Clawdis
Any binspogo

Comments