ClawHub

Freesound API

v0.1.0

Set up and use Freesound API access from a local Windows OpenClaw workspace with OAuth login, local credential storage, and sound search helpers. Use when th...

0· 51·0 current·0 all-time
byStanislav Stankovic@stanestane
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Freesound API helpers: OAuth, local credential storage, search, download) aligns with included scripts (setup_credentials, oauth_login, search_sounds, download_sound, sound_details, and helpers). No unrelated binaries or environment variables are required.
Instruction Scope
SKILL.md instructs running included Python scripts, starting a localhost callback server, opening the browser, and saving credentials to %APPDATA% — all consistent with local OAuth flow. It only references the credential file and local scripts. Note: the code saves client_secret and tokens in plaintext under %APPDATA% (credentials.json), which is expected but worth noting. Also api_utils falls back to using the saved client_secret as an API 'token' parameter if no OAuth token exists; confirm this matches your Freesound app expectations (some APIs expose a separate API key).
Install Mechanism
No install spec; this is instruction-only with bundled Python scripts. The only dependency called out is the 'requests' library, which SKILL.md mentions to install if missing. No remote downloads or archive extraction are performed by the skill itself.
Credentials
The skill requests no environment variables or external credentials at install time. It does read APPDATA (to compute the local storage path) and writes client_id/client_secret and OAuth tokens to %APPDATA%/OpenClaw/freesound-api/credentials.json. Storing secrets locally in plaintext is expected here but has the usual risk if the machine is shared or backups are synced — rotate secrets if exposed.
Persistence & Privilege
always is false and the skill does not request persistent platform-wide privileges. It only creates and uses its own application directory and credential file; it does not modify other skills or system-wide agent configs.
Assessment
This skill appears coherent and implements a local OAuth and search/download helper for Freesound. Before using: (1) inspect the included scripts yourself (they are bundled) and run them in an isolated Python environment; (2) be aware credentials are saved in plaintext at %APPDATA%/OpenClaw/freesound-api/credentials.json — do not commit that file or paste secrets into chat; (3) the OAuth flow starts a localhost server and opens your browser to complete login (expected); (4) verify that using the saved client_secret as an API 'token' matches your Freesound app configuration; (5) if a secret becomes exposed, rotate it immediately.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ap3w2ncf9x4yefbqsk12w8d857d1v
51downloads
0stars
1versions
Updated 1d ago
v0.1.0
MIT-0
Stanislav Stankovic@stanestane
latest
Download

freesound-api

Use this as a local-only skill. Do not publish Freesound client secrets inside the skill.

Local storage

This skill stores credentials in:

  • %APPDATA%\OpenClaw\freesound-api\credentials.json

Keep the secret there, not in SKILL.md.

Setup credentials

Save the app credentials locally:

python scripts\setup_credentials.py --client-id '<CLIENT_ID>' --client-secret '<CLIENT_SECRET>' --redirect-uri 'http://localhost:8787/callback'

Use the same redirect URI here that was registered in Freesound.

Complete OAuth login

Run:

python scripts\oauth_login.py

What it does:

  1. Starts a temporary localhost callback server on port 8787
  2. Opens the Freesound authorization page in the browser
  3. Receives the authorization code at http://localhost:8787/callback
  4. Exchanges it for an access token
  5. Saves the token back into %APPDATA%\OpenClaw\freesound-api\credentials.json

If the browser does not open, copy the printed URL manually.

Search sounds

Run:

python scripts\search_sounds.py "rain" --page-size 10

Examples with filters:

python scripts\search_sounds.py "rain" --license cc0 --duration-min 5 --duration-max 60
python scripts\search_sounds.py "thunder" --tag storm --tag ambience
python scripts\search_sounds.py "wind" --filter "samplerate:[44100 TO *]"

The search helper prefers OAuth bearer token auth if available. If there is no OAuth token yet, it falls back to using the saved Freesound secret as the token parameter for simple API calls.

Get sound details

Run:

python scripts\sound_details.py 322965

Use this to inspect metadata, previews, ratings, tags, format details, and the direct download endpoint for a sound.

Download a sound

Run:

python scripts\download_sound.py 322965 --out-dir downloads

Download a preview instead of the original file:

python scripts\download_sound.py 322965 --preview hq-mp3 --out-dir previews

This saves the original file or selected preview into the chosen output directory using the current OAuth token or saved API key.

Public-safe publishing

If publishing this skill publicly, publish only the skill folder and scripts. Do not publish %APPDATA%\OpenClaw\freesound-api\credentials.json or any client secret.

Notes

  • Keep the redirect URI consistent. A mismatch will break the token exchange.
  • Prefer OAuth login for user-level access.
  • If a secret was pasted into chat, treat it as exposed and rotate it after testing.
  • If requests is missing locally, install it in the Python environment before running the scripts.

Comments

Loading comments...