功能描述

Access Spotify listening history, top artists/tracks, and get personalized recommendations via the Spotify Web API. Use when fetching a user's recent plays, analyzing music taste, or generating recommendations. Requires one-time OAuth setup.

使用说明 (SKILL.md)

Spotify History & Recommendations

Name: Spotify History
Author: braydoncoyer

Access Spotify listening history and get personalized recommendations.

Setup (One-Time)

Quick Setup (Recommended)

Run the setup wizard:

bash skills/spotify-history/scripts/setup.sh

This guides you through:

Creating a Spotify Developer App
Saving credentials securely
Authorizing access

Manual Setup

Create Spotify Developer App
- Go to developer.spotify.com/dashboard
- Click Create App
- Fill in:
  - App name: Clawd (or any name)
  - App description: Personal assistant integration
  - Redirect URI: http://127.0.0.1:8888/callback ⚠️ Use exact URL!
- Save and copy Client ID and Client Secret

Store Credentials

Option A: Credentials file (recommended)

mkdir -p credentials
cat > credentials/spotify.json \x3C\x3CEOF
{
  "client_id": "your_client_id",
  "client_secret": "your_client_secret"
}
EOF
chmod 600 credentials/spotify.json

Option B: Environment variables

# Add to ~/.zshrc or ~/.bashrc
export SPOTIFY_CLIENT_ID="your_client_id"
export SPOTIFY_CLIENT_SECRET="your_client_secret"

Authenticate

With browser (local machine):
```
python3 scripts/spotify-auth.py
```
Headless (no browser):
```
python3 scripts/spotify-auth.py --headless
```
Follow the prompts to authorize via URL and paste the callback.

Tokens are saved to ~/.config/spotify-clawd/token.json and auto-refresh when expired.

Usage

Command Line

# Recent listening history
python3 scripts/spotify-api.py recent

# Top artists (time_range: short_term, medium_term, long_term)
python3 scripts/spotify-api.py top-artists medium_term

# Top tracks
python3 scripts/spotify-api.py top-tracks medium_term

# Get recommendations based on your top artists
python3 scripts/spotify-api.py recommend

# Raw API call (any endpoint)
python3 scripts/spotify-api.py json /me
python3 scripts/spotify-api.py json /me/player/recently-played

Time Ranges

short_term — approximately last 4 weeks
medium_term — approximately last 6 months (default)
long_term — all time

Example Output

Top Artists (medium_term):
  1. Hans Zimmer [soundtrack, score]
  2. John Williams [soundtrack, score]
  3. Michael Giacchino [soundtrack, score]
  4. Max Richter [ambient, modern classical]
  5. Ludovico Einaudi [italian contemporary classical]

Agent Usage

When user asks about music:

"What have I been listening to?" → spotify-api.py recent
"Who are my top artists?" → spotify-api.py top-artists
"Recommend new music" → spotify-api.py recommend + add your own knowledge

For recommendations, combine API data with music knowledge to suggest similar artists not in their library.

Troubleshooting

"Spotify credentials not found!"

Make sure credentials/spotify.json exists or environment variables are set
Credential file is checked first, then env vars
Run bash skills/spotify-history/scripts/setup.sh to create credentials

"Not authenticated. Run spotify-auth.py first."

Tokens don't exist or are invalid
Run: python3 scripts/spotify-auth.py (or with --headless if no browser)

"HTTP Error 400: Bad Request" during token refresh

Credentials changed or are invalid
Re-run setup: bash skills/spotify-history/scripts/setup.sh
Or update credentials/spotify.json with correct Client ID/Secret

"HTTP Error 401: Unauthorized"

Token expired and auto-refresh failed

Delete token and re-authenticate:

rm ~/.config/spotify-clawd/token.json
python3 scripts/spotify-auth.py

Headless / No Browser

Use --headless flag: python3 scripts/spotify-auth.py --headless
Manually open the auth URL on any device
Copy the callback URL (starts with http://127.0.0.1:8888/callback?code=...)
Paste it back when prompted

Security Notes

Tokens stored with 0600 permissions (user-only read/write)
Client secret should be kept private
Redirect URI uses 127.0.0.1 (local only) for security

Required Scopes

user-read-recently-played — recent listening history
user-top-read — top artists and tracks
user-read-playback-state — current playback
user-read-currently-playing — currently playing track

安全使用建议

This skill appears to be a genuine Spotify OAuth client, not malware, but the provided setup is inconsistent and likely to fail if run as-is. Before running anything: 1) Inspect scripts locally (you already have them). 2) Do not paste client secrets into untrusted places; prefer env vars over leaving secrets in project files. 3) To make setup work, either export SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET in your shell before running the auth script, or modify spotify-auth.py/spotify-api.py to load credentials/spotify.json (the setup script writes that file but the Python code currently doesn't read it). 4) Note token storage path: ~/.config/spotify-clawd/token.json — delete it if you want to revoke local access. 5) If you don't want to modify files, run the auth script manually after exporting env vars rather than relying on setup.sh. Because of the mismatch between the README/SKILL.md and the actual code, treat this skill as untrusted until you correct or confirm the credential flow.

功能分析

Type: OpenClaw Skill Name: spotify-history Version: 1.1.0 The OpenClaw AgentSkills skill bundle for Spotify History is benign. It transparently implements a Spotify API integration, requiring the user to set up a Spotify Developer App and authenticate via OAuth 2.0. Credentials and tokens are handled securely, stored locally with appropriate permissions, and all network requests are directed solely to Spotify's official API endpoints. The `SKILL.md` and `README.md` provide clear instructions for both human users and the AI agent, with no evidence of prompt injection attempts or instructions for unauthorized actions. The `spotify-api.py` script's ability to make raw API calls is within the stated purpose of a Spotify API wrapper for advanced usage.

能力评估

ℹ Purpose & Capability

Name, description, and the Python scripts all legitimately implement Spotify API access (recent plays, top artists/tracks, recommendations). Requiring OAuth client id/secret and storing tokens in ~/.config/spotify-clawd is consistent with the stated purpose.

⚠ Instruction Scope

SKILL.md and setup.sh present two credential storage options (credentials/spotify.json or env vars) and say the credential file is checked first, but neither spotify-auth.py nor spotify-api.py read credentials/spotify.json — they only read SPOTIFY_CLIENT_ID and SPOTIFY_CLIENT_SECRET from environment variables. setup.sh writes credentials/spotify.json but does not export the credentials into environment variables before launching spotify-auth.py. That mismatch will cause the auth step to fail unless the user manually sets env vars. The instructions therefore promise behavior (file-based credentials being used automatically) that the code does not perform.

✓ Install Mechanism

No install spec and no third-party downloads; the skill is instruction+scripts only. Nothing is being fetched from untrusted URLs or installed system-wide by the skill files themselves.

ℹ Credentials

The only sensitive secrets involved are the Spotify Client ID and Client Secret — appropriate and proportionate for a Spotify integration. However, the registry metadata lists no required env vars while the code expects SPOTIFY_CLIENT_ID/SPOTIFY_CLIENT_SECRET; this inconsistency should be clarified. Tokens are stored locally at ~/.config/spotify-clawd/token.json (expected) and credentials/spotify.json is written in the workspace by the setup script (user-visible, with chmod 600 in script).

✓ Persistence & Privilege

always:false and standard agent invocation. The skill writes a token file to the user's home config directory and may write a workspace credentials file — reasonable for an OAuth client. The skill does not request elevated privileges or modify other skills/configs.

版本历史

v1.1.0

- Added README.md and a guided setup script (scripts/setup.sh) for easier installation. - SKILL.md updated: introduces a quick setup wizard, headless authentication support, and expanded troubleshooting section. - Now supports credential storage via a JSON file or environment variables. - Enhanced documentation for usability and credential management.

v1.0.0

Initial release - Spotify listening history and recommendations

元数据

Slug spotify-history

版本 1.1.0

许可证 —

累计安装 6

当前安装数 6

历史版本数 2

常见问题

Spotify History 是什么？

Access Spotify listening history, top artists/tracks, and get personalized recommendations via the Spotify Web API. Use when fetching a user's recent plays, analyzing music taste, or generating recommendations. Requires one-time OAuth setup. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 2703 次。

如何安装 Spotify History？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install spotify-history」即可一键安装，无需额外配置。

Spotify History 是免费的吗？

是的，Spotify History 完全免费（开源免费），可自由下载、安装和使用。

Spotify History 支持哪些平台？

Spotify History 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 Spotify History？

由 braydoncoyer（@braydoncoyer）开发并维护，当前版本 v1.1.0。

Spotify History