← Back to Skills Marketplace
whatisxlistening.to
by
Benjamin Poile
· GitHub ↗
· v1.3.0
2067
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install whatisxlistening-to
Description
Query Last.fm listening data, show now playing, sync scrobble history to local DB, and deploy a personal "now playing" web dashboard. Use when user asks about current music, listening stats, scrobble history, or wants to set up a Last.fm dashboard.
Usage Guidance
Do not run or deploy this package blindly. Specific things to check before installing:
- The registry metadata declares no required env vars, but the docs/code require LASTFM_API_KEY and LASTFM_USERNAME — ensure you supply only the minimal Last.fm credentials (and preferably create a scoped API key) and never reuse high-privilege secrets.
- The repository bundles unrelated tooling (Find My automation, Hammerspoon HTTP API, brain-sync that touches your Obsidian vault, an auto-updater, and k8s manifests). If you only want the Last.fm dashboard, extract and audit only the `skills/whatisxlistening-to/` files rather than installing the whole workspace.
- The docs include hardcoded infrastructure credentials (CouchDB admin user/password in brain-sync docs). Treat this as a secret leak: don't run any scripts that reference those endpoints until you confirm they are dummy/test values. Remove or rotate any leaked credentials you control.
- Inspect server.py and lastfm_cli.py for outbound network calls and data handling (where data is sent, whether it logs or posts to external endpoints). Prefer running the server inside an isolated container or VM and bind it to localhost only.
- Hammerspoon and findmy-location code can take screenshots and control the UI (click/type). Only run those on machines where you understand and accept that level of access; they require Accessibility and Screen Recording permissions on macOS.
- Avoid enabling any auto-update/cron automation until you review the auto-updater logic; auto-updaters increase risk if the update source or update process is not strictly controlled.
If you want help: I can (1) list the exact files that reference sensitive credentials, (2) summarize server.py's network behavior, or (3) produce a minimal checklist/command list to safely run the Last.fm parts inside a container.
Capability Assessment
Purpose & Capability
The skill's name/description describe a Last.fm dashboard (sync scrobbles, now-playing UI). However the workspace includes many unrelated skills and scripts (findmy-location, brain-sync, Hammerspoon helpers, auto-updater, ClawdHub CLI, etc.). The Last.fm skill's own docs reference required environment variables (LASTFM_API_KEY, LASTFM_USERNAME) and deployment artifacts (k8s manifests), but the registry metadata declares no required env vars — a clear mismatch. Several files (brain-sync docs, ensue integration) and tools included are unrelated to a simple dashboard and give this package a much broader footprint than the name suggests.
Instruction Scope
Runtime instructions and scripts do more than query Last.fm: brain-sync.sh reads/writes a user's Obsidian vault, copies local memory files, and talks to an 'Ensue' API; ensue-api.sh reads an ENSUE_API_KEY from env or macOS Keychain; findmy-location automates the macOS Find My app (including taking screenshots) using peekaboo and Hammerspoon; Hammerspoon config starts an HTTP server on localhost:9090 to accept arbitrary click/type commands. These instructions reference many system paths (~/.hammerspoon, ~/mnt/services, ~/clawd, ~/.config) and credentials outside the stated Last.fm purpose. Several instructions and scripts would read or transmit personal data (Obsidian notes, Ensue memories, screenshots) unrelated to music data.
Install Mechanism
There is no install spec (instruction-only at registry level), which limits automatic install risk. However the repository contains runnable code (lastfm_cli.py, server.py, k8s manifests, shell scripts, tests). Running or deploying these files (e.g., running server.py or applying k8s manifests) would execute code and could create network services or cron jobs. The absence of an install spec reduces supply-chain clarity: nothing is automatically vetted or sandboxed by the registry metadata.
Credentials
Registry metadata lists no required env vars, but project docs and code expect several credentials: LASTFM_API_KEY and LASTFM_USERNAME for the Last.fm app, ENSUE_API_KEY (or keychain entry) for Ensue integration, and other files embed CouchDB admin credentials in docs. Scripts read from the macOS Keychain and system file paths. The number and sensitivity of needed credentials (API keys, admin DB password in docs) is disproportionate for a single-user Last.fm dashboard and is not declared in the registry metadata.
Persistence & Privilege
The package contains an 'auto-updater' skill and instructions for cron jobs (daily auto-update), brain-sync.sh that is intended to run periodically, and documentation about scheduling and gateway cron integration. While the skill metadata does not set always:true, the included artifacts and docs instruct creating recurring jobs and services (Hammerspoon HTTP server, a web server, Kubernetes deployment) that give the repository persistent, long-lived presence on a system and potential access to local data. This combination (background sync scripts + local HTTP control endpoints + instructions to auto-update) increases risk if you run the code without isolating it.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install whatisxlistening-to - After installation, invoke the skill by name or use
/whatisxlistening-to - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.3.0
fix: track info z-index above ejected vinyl disc
v1.2.0
Unified repo structure
v1.1.0
Add streak calculation, album art cache, timezone support
v1.0.0
Initial release: Last.fm CLI + web dashboard
Metadata
Frequently Asked Questions
What is whatisxlistening.to?
Query Last.fm listening data, show now playing, sync scrobble history to local DB, and deploy a personal "now playing" web dashboard. Use when user asks about current music, listening stats, scrobble history, or wants to set up a Last.fm dashboard. It is an AI Agent Skill for Claude Code / OpenClaw, with 2067 downloads so far.
How do I install whatisxlistening.to?
Run "/install whatisxlistening-to" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is whatisxlistening.to free?
Yes, whatisxlistening.to is completely free (open-source). You can download, install and use it at no cost.
Which platforms does whatisxlistening.to support?
whatisxlistening.to is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created whatisxlistening.to?
It is built and maintained by Benjamin Poile (@poiley); the current version is v1.3.0.
More Skills