Spotify Playlist Curator
Author: rachel-howell · v1.0.3 · MIT-0
Total downloads: 120 · Favorites: 0 · Current installs: 0 · Versions: 4
Install in OpenClaw
/install spotify-playlist-curator
Description
Create and refine Spotify playlists using the Spotify Web API, with support for track search, recent and top listening lookups, queueing selected tracks, and...
Security usage recommendations
This skill appears to implement what it claims (Spotify playlist curation) and uses reasonable external services (ReccoBeats, MusicBrainz). Before installing:
1) Be aware you must create a Spotify developer app and provide SPOTIPY_CLIENT_ID and SPOTIPY_CLIENT_SECRET; the package metadata omitted this — treat that as a red flag and ask the publisher to correct it.
2) The auth flow will store OAuth tokens (refresh/access) to spotify_tokens.json in the skill directory or other candidate locations (cwd, secrets/). If you use a shared machine, run the skill in an isolated directory or VM and verify where tokens are written.
3) Review scripts/spotify_client.py and scripts/spotify_auth.py yourself to confirm tokens are only used locally (they are) and not exfiltrated to unknown endpoints.
4) Note the skill calls api.reccobeats.com (public recommendations) and musicbrainz.org (public genre lookups); these endpoints are expected but verify you trust them for your privacy model.
5) If you are not comfortable giving playlist/edit and playback scopes to a third-party skill, do not install.
If possible, request that the maintainer update the registry metadata to list the required env vars and explain token storage locations. Running the skill in an isolated environment (dedicated user account or VM) and inspecting token files after auth are good safety steps.
Functional analysis
Type: OpenClaw Skill
Name: spotify-playlist-curator
Version: 1.0.3
The spotify-playlist-curator skill is a sophisticated tool for managing Spotify playlists, using a 3-tier recommendation engine to bypass recent Spotify API regressions. It handles OAuth authentication securely by storing tokens locally (spotify_tokens.json) and uses legitimate third-party APIs like MusicBrainz and ReccoBeats for metadata and audio-feature analysis. The SKILL.md instructions provide the AI agent with detailed musical reasoning and operational guardrails (e.g., asking for permission before modifying existing playlists) without any evidence of prompt injection or malicious intent. All external network calls (to api.reccobeats.com and musicbrainz.org) are aligned with the stated purpose of track discovery and genre lookup.
Capability assessment
Purpose & Capability
The skill implements Spotify playlist curation and legitimately needs Spotify OAuth credentials and access to playlists/playback; it also calls ReccoBeats and MusicBrainz (both reasonable for recommendations/genres). However, registry metadata claims 'Required env vars: none' while the code and SKILL.md clearly require SPOTIPY_CLIENT_ID / SPOTIPY_CLIENT_SECRET and a tokens file. The metadata omission is an incoherence that could mislead users about required secrets.
Instruction Scope
SKILL.md and scripts confine actions to Spotify, ReccoBeats, and MusicBrainz and to local files (creating .venv, .env, token JSON, and a MusicBrainz cache). The runtime instructs the agent to run provided CLI scripts and check status; it does not instruct scanning unrelated system files. One point to note: the code searches multiple candidate locations for credential and token files (skill root, script dir, current working dir, cwd/secrets), which expands where secrets may be read from.
Install Mechanism
There is no remote binary/install spec; installation is via the included scripts/setup.sh which creates a local virtualenv and pip-installs dependencies from requirements.txt (spotipy, requests). No downloads from untrusted URLs or extract-from-URL steps are present.
Credentials
Requested/environmental secrets are proportional to the functionality (Spotify client id/secret + OAuth tokens with playlist and playback scopes). However the registry metadata does not declare these required env vars or primary credential, which is misleading. Also the code will look for .env and token files in multiple paths (including cwd/secrets), increasing the chance of accidentally picking up credentials from an unexpected location.
Persistence & Privilege
The skill writes local state (virtualenv, .env placeholder if missing, spotify_tokens.json, and a .mb_cache directory) under the skill directory or other candidate paths. It does not request 'always: true', does not modify other skills, and its persistence is limited to local cache and token files — behavior consistent with an OAuth-based client.
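How to use
- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install spotify-playlist-curator
- Once installation completes, invoke the Skill by name or trigger it with /spotify-playlist-curator
- Provide the required inputs according to the Skill's parameter description to get structured output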
Version history
v1.0.3
Improve first-run diagnostics: detect placeholder Spotify credentials earlier, clarify invalid_client auth errors, and document common setup failures.
v1.0.2
Improve first-run setup guidance and make setup.sh print auth commands that work from outside the skill directory.
v1.0.1
Clarify first-run setup: tell the user to run setup.sh when .venv is missing before auth checks.
v1.0.0
Initial release: Spotify playlist creation, audio-DNA analysis, recommendation workflows, and aesthetic blending.
FAQ
What is Spotify Playlist Curator?
Create and refine Spotify playlists using the Spotify Web API, with support for track search, recent and top listening lookups, queueing selected tracks, and... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 120 total downloads so far.
How do I install Spotify Playlist Curator?
Run the command "/install spotify-playlist-curator" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.
Is Spotify Playlist Curator free?
Yes, Spotify Playlist Curator is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.
Which platforms does Spotify Playlist Curator support?
Spotify Playlist Curator is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Spotify Playlist Curator?
It is developed and maintained by rachel-howell (@rachel-howell); the current version is v1.0.3.