
Zonefoundry Local Sonos

by kisssam6886 · GitHub ↗ · v1.5.9 · MIT-0
cross-platform ⚠ suspicious
211 Downloads · 0 Stars · 1 Active Installs · 22 Versions
Install in OpenClaw
/install zonefoundry-local-sonos
Description
Use this skill when an agent needs to control Sonos through ZoneFoundry `zf` on a same-LAN node. Start with readiness checks, then map user requests to safe...
Usage Guidance
This skill appears to be what it claims (local Sonos control via the zf CLI) but it instructs the agent to: (1) auto-update the local zf runtime, (2) fetch and treat zf-provided 'skill' content as authoritative every conversation, and (3) immediately execute commands returned by zf responses. Those behaviors are convenient for handling service-link flows, but they require you to trust the zf binary and its upstream repository. Before installing: verify the upstream repository (github.com/kisssam6886/zonefoundry) and consider pinning the install to a specific tag or commit instead of @latest; run zf and this skill on a dedicated/trusted LAN host (not a critical workstation); disable or require manual approval for automatic zf updates if possible; and be aware that following 'nextCommand' means the agent will run whatever the runtime instructs it to run, so only use this skill where you trust the local runtime and network environment.
Capability Analysis
Type: OpenClaw Skill · Name: zonefoundry-local-sonos · Version: 1.5.9
The skill bundle is classified as suspicious due to high-risk execution patterns that grant the `zf` binary significant control over the agent. Specifically, `SKILL.md` and `agents/openai.yaml` contain 'Hard rules' instructing the agent to 'Always obey' and immediately execute any command returned in the binary's JSON output (`nextCommand` and `nextAction`). This, combined with instructions for the binary to update itself (`zf update self`) and provide its own capability references to the agent (`zf skill show`), creates a self-modifying execution loop that could be leveraged for Remote Code Execution (RCE) if the binary or its source repository (github.com/kisssam6886/zonefoundry) is compromised.
Capability Assessment
Purpose & Capability
Name/description, required binary (zf), and the go install of github.com/kisssam6886/zonefoundry/cmd/zf@latest line up with its purpose of controlling Sonos via the ZoneFoundry CLI. No unrelated env vars or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run many zf commands (setup, doctor, play, auth flows) which is expected for this purpose, but two directives increase risk: (1) 'Always obey nextCommand' / 'Always obey nextAction' — the agent must immediately execute commands returned inside zf JSON responses; and (2) 'On every new conversation, run: zf skill show --format json' and treat returned 'skill' content as the authoritative instructions. Together, these cause the agent to execute commands or follow instruction content that may be provided at runtime by the zf runtime or upstream service. That behavior is functionally coherent for linking flows, but it trusts runtime output and remote skill metadata in ways that can broaden the attack surface.
Install Mechanism
Install spec builds the zf CLI from the GitHub module via 'go' (@latest). Building from the upstream repo is expected and traceable, but using @latest (not a pinned tag/commit) is less reproducible and means new upstream code may be pulled automatically. This is not an untrusted binary download, but it does increase the chance of unexpected changes compared to a pinned release.
Credentials
No required environment variables or external credentials are declared in registry metadata. The instructions do include auth flows (zf auth smapi begin/complete) and will rely on Sonos/mobile-based login flows, which is appropriate for the skill's purpose.
Persistence & Privilege
The skill does not set always:true (good), but it instructs agents to auto-check and apply local runtime updates (zf update self) and to refresh skill instructions from 'zf skill show' at the start of every conversation. Combined with the rule to execute 'nextCommand' returned by the runtime, this gives the runtime/remote skill metadata the power to modify agent behavior and cause command execution without explicit human approval. Autonomous invocation is normal, but these automatic update-and-execute patterns increase blast radius and require operator trust in the runtime and its update/source channels.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install zonefoundry-local-sonos
  3. After installation, invoke the skill by name or use /zonefoundry-local-sonos
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.5.9
Automated sync from GitHub Actions
v1.5.8
Automated sync from GitHub Actions
v1.5.7
Automated sync from GitHub Actions
v1.5.6
Automated sync from GitHub Actions
v1.5.5
Automated sync from GitHub Actions
v1.5.4
Automated sync from GitHub Actions
v1.5.3
Automated sync from GitHub Actions
v1.5.2
Automated sync from GitHub Actions
v1.5.1
- Updated instructions: the recommended skill update command is now `clawhub update zonefoundry-local-sonos` (was `clawhub update`) for more targeted refreshes.
- Clarified documentation on update flows and skill refresh, including separation between skill/package update and ZoneFoundry CLI runtime update.
- No functional command/protocol changes; documentation refresh only.
v1.5.0
No visible file or content changes detected in this version. No changelog entries to report.
v1.4.1
Automated sync from GitHub Actions
v1.4.0
zonefoundry-local-sonos 1.4.0
- No file changes detected in this release.
- Documentation remains unchanged; no updates to skill logic or usage instructions.
v1.3.1
Automated sync from GitHub Actions
v1.3.0
Add nextCommand to setup JSON; NEVER send users to Sonos App for linking
v1.2.1
Automated sync from GitHub Actions
v1.2.0
fix: setup --format json now outputs pure JSON; fix CI lint
v1.1.4
Automated sync from GitHub Actions
v1.1.3
Automated sync from GitHub Actions
v1.1.2
Automated sync from GitHub Actions
v1.1.1
Sync latest skill fixes from repo
Metadata
Slug zonefoundry-local-sonos
Version 1.5.9
License MIT-0
All-time Installs 1
Active Installs 1
Total Versions 22
Frequently Asked Questions

What is Zonefoundry Local Sonos?

Use this skill when an agent needs to control Sonos through ZoneFoundry `zf` on a same-LAN node. Start with readiness checks, then map user requests to safe... It is an AI Agent Skill for Claude Code / OpenClaw, with 211 downloads so far.

How do I install Zonefoundry Local Sonos?

Run "/install zonefoundry-local-sonos" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Zonefoundry Local Sonos free?

Yes, Zonefoundry Local Sonos is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Zonefoundry Local Sonos support?

Zonefoundry Local Sonos is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Zonefoundry Local Sonos?

It is built and maintained by kisssam6886 (@kisssam6886); the current version is v1.5.9.
