Sonos Music Search Skill

Search and play music on Sonos speakers using Brave Search to find Spotify tracks

This skill appears to implement what it claims (Brave Search → find Spotify track → play on Sonos), but I recommend the following before installing or enabling it: 1) Do not rely on the registry metadata alone — the code requires BRAVE_API_KEY but the metadata does not declare it. Set BRAVE_API_KEY in your environment before using the skill (or the module will throw at import). 2) Inspect package.json and the two dependencies (@brave/search-api and sonos) and run `npm audit` locally; installing will fetch code from npm. 3) Be aware the skill performs web searches and will use the first search hit without robust validation — it may fail to play or produce incorrect URIs. 4) If you plan to enable autonomous invocation, remember the skill will make outbound network calls (Brave) and perform LAN discovery of Sonos devices; only grant access in environments where that is acceptable. 5) Prefer installing only if the project source and repository are trustworthy; ask the publisher to fix the metadata to declare BRAVE_API_KEY and to validate Spotify URLs and search fallbacks before you enable it.

Type: OpenClaw Skill Name: sonos-music-search-skill Version: 1.0.0 The skill provides legitimate functionality for searching Spotify tracks via Brave Search and playing them on local Sonos speakers. The code in src/index.js is straightforward and aligns with the documentation in SKILL.md and README.md. While the included audit-report.md identifies several implementation flaws (such as lack of URL validation and case-sensitivity issues), these are classified as unintentional bugs rather than malicious intent. No evidence of data exfiltration, unauthorized remote execution, or harmful prompt injection was found.