← Back to Skills Marketplace
78
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install spotify-player-hardened
Description
Terminal Spotify playback/search via spogo (preferred) or spotify_player.
Usage Guidance
This skill appears to do what it says: control Spotify from the terminal via spogo or spotify_player. Before installing or running it: 1) Confirm you have Spotify Premium if you need playback/Connect features. 2) Inspect the Homebrew formula and the tap (steipete/tap) for spogo before adding it — third‑party taps can contain arbitrary install scripts. 3) Never allow the agent to run `spogo auth import` or to read ~/.config/spotify-player without your explicit approval — that command imports browser cookies and can expose session tokens. 4) Follow the embedded guardrails: require confirmation for any destructive action and avoid copying credentials into chat. If you want maximum safety, install and run the CLI yourself and only give the agent permission to run strictly scoped commands after you review them.
Capability Analysis
Type: OpenClaw Skill
Name: spotify-player-hardened
Version: 1.0.0
The skill bundle provides Spotify playback and search capabilities using legitimate CLI tools (spogo and spotify_player). It is explicitly designed with a 'hardened' security posture, including defensive instructions in SKILL.md that act as guardrails to prevent the AI agent from leaking credentials, accessing sensitive config files without consent, or exfiltrating data. The SAFETY.md file provides a comprehensive safety evaluation and rationale for these protections, and no evidence of malicious intent or obfuscation was found.
Capability Tags
Capability Assessment
Purpose & Capability
Name/description (terminal Spotify playback/search) match the declared runtime needs: it requires either the spogo or spotify_player CLI and offers brew install specs for those packages. No unrelated credentials or binaries are requested.
Instruction Scope
SKILL.md stays within the stated purpose (search/playback, device selection, status). However, it explicitly recommends running `spogo auth import --browser chrome`, which reads browser session cookies — a sensitive local operation. The file also includes guardrails that require explicit confirmation before auth/import or reading config files; these guardrails mitigate risk but must be enforced at runtime.
Install Mechanism
Installation is via Homebrew formulas (lower risk than arbitrary URL downloads). One formula (spogo) is from a third‑party tap (steipete/tap) rather than Homebrew core; third‑party taps can install arbitrary code, so verify the tap/formula before installing. The two brew entries duplicate the same id field (minor metadata inconsistency).
Credentials
The skill requests no environment variables or external credentials, which is appropriate. It documents a local config path (~/.config/spotify-player) and mentions setting a user client_id for Connect — that is expected and proportional to the feature set.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent system presence. disable-model-invocation is false (normal). The SKILL.md explicitly warns not to read/modify config without user consent, which limits privileged behavior.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install spotify-player-hardened - After installation, invoke the skill by name or use
/spotify-player-hardened - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of spotify-player-hardened – secure terminal Spotify control via spogo (preferred) or spotify_player.
- Spotify playback and search from the terminal, with a fallback to spotify_player if spogo is unavailable.
- Requires Spotify Premium and either spogo or spotify_player to be installed.
- Enhanced security guardrails: confirmation required before destructive or credential-related actions, prevention of sensitive data exposure, and restrictions on automated or networked command usage.
- Quick-start and common command references for both spogo and spotify_player.
- Detailed notes on setup, configuration, and TUI usage tips.
Metadata
Frequently Asked Questions
What is Spotify Player Hardened?
Terminal Spotify playback/search via spogo (preferred) or spotify_player. It is an AI Agent Skill for Claude Code / OpenClaw, with 78 downloads so far.
How do I install Spotify Player Hardened?
Run "/install spotify-player-hardened" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Spotify Player Hardened free?
Yes, Spotify Player Hardened is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Spotify Player Hardened support?
Spotify Player Hardened is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Spotify Player Hardened?
It is built and maintained by Faberlens (@snazar-faberlens); the current version is v1.0.0.
More Skills