ClawHub

Sonoscli

Control Sonos speakers (discover/status/play/volume/group).

MIT-0 · Free to use, modify, and redistribute. No attribution required.
41 · 59.7k · 1.9k current installs · 2k all-time installs
byPeter Steinberger@steipete
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose (control Sonos speakers) matches the SKILL.md instructions (invoke a local `sonos` CLI). However, the registry metadata at the top of the submission lists no required binaries or install spec, while the SKILL.md's embedded metadata declares a required 'sonos' binary and a Go install (github.com/steipete/sonoscli). That inconsistency between declared registry requirements and the runtime instructions is unexpected and should be clarified.
Instruction Scope
SKILL.md instructs only to run the `sonos` CLI against devices on the local network (discover, status, play, volume, grouping). It references SSDP and an IP override and optionally the Spotify Web API credentials for Spotify search. Instructions do not ask the agent to read unrelated files or exfiltrate data to external endpoints beyond the Sonos/Spotify flows.
Install Mechanism
The SKILL.md metadata includes an install entry that uses the Go module github.com/steipete/sonoscli/cmd/sonos@latest to produce a 'sonos' binary. Installing code from a public GitHub Go module is common but non-trivial: it requires a Go toolchain and executes remote code (moderate risk). The install source (GitHub) is reasonable, but because the registry-level spec omitted this, confirm the exact install command and inspect the upstream repo before running.
Credentials
No required environment variables are declared at the registry level, but SKILL.md notes optional SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET for Spotify searches. These optional variables are proportional to the described Spotify feature. Do not supply Spotify credentials unless you trust the upstream package.
Persistence & Privilege
The skill does not request persistent/always-on installation and uses default autonomous invocation. It does not attempt to modify other skills or system-wide config in the instructions provided.
What to consider before installing
This SKILL.md appears to wrap an existing Sonos CLI tool, which is reasonable for the stated purpose. However, the registry metadata omitted the 'sonos' binary requirement and the Go-based install that are present in SKILL.md—this mismatch could be a benign metadata oversight or a sign the package was packaged incorrectly. Before installing: (1) verify the upstream GitHub project (github.com/steipete/sonoscli) and inspect its source and recent releases, (2) confirm you are comfortable running `go install` from that module (it will compile and install remote code), (3) do not provide SPOTIFY_CLIENT_SECRET/ID unless you trust the code, and (4) consider running the install in a restricted environment (container or VM) if you want to limit risk. If the publisher cannot explain the metadata discrepancy, treat the skill cautiously or prefer an alternative with consistent metadata and a published release tarball or package.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97fjvgjgf7dp5gdbkmw8m8mbn7ykcv3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔊 Clawdis
Binssonos

Install

Install sonoscli (go)
Bins: sonos
go install github.com/steipete/sonoscli/cmd/sonos@latest

SKILL.md

Sonos CLI

Use sonos to control Sonos speakers on the local network.

Quick start

  • sonos discover
  • sonos status --name "Kitchen"
  • sonos play|pause|stop --name "Kitchen"
  • sonos volume set 15 --name "Kitchen"

Common tasks

  • Grouping: sonos group status|join|unjoin|party|solo
  • Favorites: sonos favorites list|open
  • Queue: sonos queue list|play|clear
  • Spotify search (via SMAPI): sonos smapi search --service "Spotify" --category tracks "query"

Notes

  • If SSDP fails, specify --ip <speaker-ip>.
  • Spotify Web API search is optional and requires SPOTIFY_CLIENT_ID/SECRET.

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…