← 返回 Skills 市场
Sonos Announce
作者
clawdia & crusta
· GitHub ↗
· v1.0.4
588
总下载
0
收藏
3
当前安装
5
版本数
在 OpenClaw 中安装
/install sonos-announce
功能描述
Play audio on Sonos with intelligent state restoration - pauses streaming, skips Line-In/TV/Bluetooth, resumes everything.
安全使用建议
This skill appears to do what it says, but review and accept the practical effects before installing: it will start a local HTTP server that serves media files on your LAN (default directory ~/.local/share/openclaw/media/outbound), create a PID file next to the module, and run shell commands (lsof, pkill, nohup, netstat/taskkill) to manage the server. Ensure you trust the environment because SONOS_HTTP_PORT/SONOS_HTTP_HOST environment variables control binding and are interpolated into shell commands; avoid running it as root and avoid untrusted environment variable values. If you want extra safety, inspect the included sonos_core.py in full, run it in a restricted environment (VM/container), and confirm you are comfortable exposing the chosen media directory on your LAN.
功能分析
Type: OpenClaw Skill
Name: sonos-announce
Version: 1.0.4
The `sonos_core.py` module contains a critical shell injection vulnerability. The `start_http_server` function uses `os.system` to execute shell commands for starting an HTTP server, and it directly interpolates the `media_dir` parameter (which can be user-controlled via the `announce()` function) into these commands without proper sanitization. This allows for arbitrary command execution on the host system if a malicious `media_dir` value is provided, as demonstrated by the `SKILL.md` showing `media_dir` as a user-configurable parameter. This is a severe vulnerability, but there is no evidence of intentional malicious behavior by the skill developer.
能力评估
Purpose & Capability
Name/description match the implementation: the module discovers Sonos devices (soco), pauses/resumes playback, serves audio via an HTTP server and uses ffprobe to measure duration. Required binaries (python3, ffprobe) and the pip dependency (soco) are appropriate for this functionality.
Instruction Scope
The runtime instructions and code stay within the stated purpose, but the module performs system-level actions: starts/stops a local HTTP server, writes a PID file in the module directory, and runs shell commands (lsof, pkill, nohup, netstat/taskkill). It also exposes files via an HTTP server on the LAN (default ~/.local/share/openclaw/media/outbound). These behaviors are expected for streaming to Sonos but are worth noting because they affect local network exposure and process state.
Install Mechanism
There is no remote install/download; the skill is instruction-only and includes its Python module. The only installation step is installing the 'soco' Python package and ensuring ffprobe is available. No external URLs or archive extracts are used.
Credentials
The skill requests no sensitive credentials and only documents two optional environment variables (SONOS_HTTP_HOST, SONOS_HTTP_PORT) used to control the HTTP server host/port. That is proportionate to running a local HTTP server for media. (Note: the port/host values are used in shell commands — if an environment variable were maliciously set in a shared environment it could affect those commands.)
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide agent config. Its only persistence is a PID file it writes in the module directory and background HTTP server processes it starts/stops — reasonable for the stated purpose.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install sonos-announce - 安装完成后,直接呼叫该 Skill 的名称或使用
/sonos-announce触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.4
- Metadata updated to include version 1.0.2 in SKILL.md.
- Minor documentation updates; no user-facing code changes described.
- No significant feature or API changes noted in documentation.
v1.0.3
No changes detected in this version.
v1.0.2
- Initial release of the core module in version 1.0.2.
- Added main implementation file: sonos_core.py, providing the announce() function for Sonos audio playback with state restoration.
- Now supports intelligent pause, resume, and handling of external inputs (Line-In, TV, Bluetooth).
- Documentation updated with installation, usage, environment variables, platform support, and troubleshooting guidance.
v1.0.1
- Removed the main implementation file sonos_core.py.
- Trimmed metadata by removing the version field from documentation.
- No functional Python code remains; only documentation (SKILL.md) is included.
- The skill now contains documentation only and is non-functional until code is restored.
v1.0.0
- Initial release of sonos-announce (v1.0.0).
- Play audio files on Sonos speakers with automatic and intelligent playback state restoration.
- Supports pausing/resuming music, skipping external inputs (Line-In/TV/Bluetooth), and restoring the original state after announcements.
- Cross-platform support (macOS, Linux, Windows).
- Requires python3, soco, and ffprobe for operation.
- Comprehensive usage examples, environment variable configuration, and troubleshooting included.
元数据
常见问题
Sonos Announce 是什么?
Play audio on Sonos with intelligent state restoration - pauses streaming, skips Line-In/TV/Bluetooth, resumes everything. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 588 次。
如何安装 Sonos Announce?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install sonos-announce」即可一键安装,无需额外配置。
Sonos Announce 是免费的吗?
是的,Sonos Announce 完全免费(开源免费),可自由下载、安装和使用。
Sonos Announce 支持哪些平台?
Sonos Announce 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Sonos Announce?
由 clawdia & crusta(@clawdianova)开发并维护,当前版本 v1.0.4。
推荐 Skills