Trust Assessment
spotify-player received a trust score of 90/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 2 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include a third-party Homebrew tap for a dependency and potential command injection via external tool arguments.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 18, 2026 (commit b62bd290). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (2)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Potential Command Injection via external tool arguments: The skill's documentation (SKILL.md) demonstrates usage of external tools like `spogo` and `spotify_player` with user-provided arguments (e.g., `spogo search track "query"`). If the LLM agent constructs these commands by directly embedding unsanitized user input into shell arguments, it could lead to command injection. A malicious user could craft input containing shell metacharacters (e.g., `'; rm -rf /'`) to execute arbitrary commands on the host system when the LLM attempts to run the command. Ensure all user-provided input passed to external shell commands is properly sanitized and escaped. Use libraries or functions designed for safe shell argument escaping (e.g., `shlex.quote` in Python) or prefer using tool-specific APIs that handle argument parsing securely, rather than direct shell execution. | Static | SKILL.md:15 |
| LOW | Third-party Homebrew tap for dependency: The skill's manifest specifies the installation of `spogo` via a third-party Homebrew tap (`steipete/tap`). While Homebrew taps are common for distributing software, relying on external taps introduces a supply chain risk. If the tap or the upstream project it points to were compromised, a malicious `spogo` formula could be installed on the user's system when installing the skill's dependencies, leading to potential system compromise. Consider using official Homebrew core formulas, verifying the integrity of third-party taps, or providing alternative installation methods from trusted sources. Regularly audit the security of third-party dependencies and their distribution channels. | Static | Manifest |
Full report: https://skillshield.io/report/56ffa59899682731
Powered by SkillShield