kisssam6886

Zonefoundry Local Sonos

Author: kisssam6886 · GitHub ↗ · v1.5.9 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 211
Favorites: 0
Current installs: 1
Versions: 22
Install in OpenClaw
/install zonefoundry-local-sonos
Description
Use this skill when an agent needs to control Sonos through ZoneFoundry `zf` on a same-LAN node. Start with readiness checks, then map user requests to safe...
Security usage recommendations
This skill appears to be what it claims (local Sonos control via the zf CLI) but it instructs the agent to: (1) auto-update the local zf runtime, (2) fetch and treat zf-provided 'skill' content as authoritative every conversation, and (3) immediately execute commands returned by zf responses. Those behaviors are convenient for handling service-link flows, but they require you to trust the zf binary and its upstream repository. Before installing: verify the upstream repository (github.com/kisssam6886/zonefoundry) and consider pinning the install to a specific tag or commit instead of @latest; run zf and this skill on a dedicated/trusted LAN host (not a critical workstation); disable or require manual approval for automatic zf updates if possible; and be aware that following 'nextCommand' means the agent will run whatever the runtime instructs it to run, so only use this skill where you trust the local runtime and network environment.
Functional analysis
Type: OpenClaw Skill
Name: zonefoundry-local-sonos
Version: 1.5.9
The skill bundle is classified as suspicious due to high-risk execution patterns that grant the `zf` binary significant control over the agent. Specifically, `SKILL.md` and `agents/openai.yaml` contain 'Hard rules' instructing the agent to 'Always obey' and immediately execute any command returned in the binary's JSON output (`nextCommand` and `nextAction`). This, combined with instructions for the binary to update itself (`zf update self`) and provide its own capability references to the agent (`zf skill show`), creates a self-modifying execution loop that could be leveraged for Remote Code Execution (RCE) if the binary or its source repository (github.com/kisssam6886/zonefoundry) is compromised.
Capability assessment
Purpose & Capability
Name/description, required binary (zf), and the go install of github.com/kisssam6886/zonefoundry/cmd/zf@latest line up with its purpose of controlling Sonos via the ZoneFoundry CLI. No unrelated env vars or config paths are requested.
Instruction Scope
SKILL.md instructs the agent to run many zf commands (setup, doctor, play, auth flows) which is expected for this purpose, but two directives increase risk: (1) 'Always obey nextCommand' / 'Always obey nextAction' — the agent must immediately execute commands returned inside zf JSON responses; and (2) 'On every new conversation, run: zf skill show --format json' and treat returned 'skill' content as the authoritative instructions. Together, these cause the agent to execute commands or follow instruction content that may be provided at runtime by the zf runtime or upstream service. That behavior is functionally coherent for linking flows, but it trusts runtime output and remote skill metadata in ways that can broaden the attack surface.
Install Mechanism
Install spec builds the zf CLI from the GitHub module via 'go' (@latest). Building from the upstream repo is expected and traceable, but using @latest (not a pinned tag/commit) is less reproducible and means new upstream code may be pulled automatically. This is not an untrusted binary download, but it does increase the chance of unexpected changes compared to a pinned release.
Credentials
No required environment variables or external credentials are declared in registry metadata. The instructions do include auth flows (zf auth smapi begin/complete) and will rely on Sonos/mobile-based login flows, which is appropriate for the skill's purpose.
Persistence & Privilege
The skill does not set always:true (good), but it instructs agents to auto-check and apply local runtime updates (zf update self) and to refresh skill instructions from 'zf skill show' at the start of every conversation. Combined with the rule to execute 'nextCommand' returned by the runtime, this gives the runtime/remote skill metadata the power to modify agent behavior and cause command execution without explicit human approval. Autonomous invocation is normal, but these automatic update-and-execute patterns increase blast radius and require operator trust in the runtime and its update/source channels.
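How to use
  1. Make sure OpenClaw is installed (locally or via Docker)
  2. Enter the install command in the chat box: /install zonefoundry-local-sonos
  3. Once installation completes, invoke the Skill by name or trigger it with /zonefoundry-local-sonos
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history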
v1.5.9
Automated sync from GitHub Actions
v1.5.8
Automated sync from GitHub Actions
v1.5.7
Automated sync from GitHub Actions
v1.5.6
Automated sync from GitHub Actions
v1.5.5
Automated sync from GitHub Actions
v1.5.4
Automated sync from GitHub Actions
v1.5.3
Automated sync from GitHub Actions
v1.5.2
Automated sync from GitHub Actions
v1.5.1
- Updated instructions: the recommended skill update command is now `clawhub update zonefoundry-local-sonos` (was `clawhub update`) for more targeted refreshes.
- Clarified documentation on update flows and skill refresh, including separation between skill/package update and ZoneFoundry CLI runtime update.
- No functional command/protocol changes; documentation refresh only.
v1.5.0
No visible file or content changes detected in this version. No changelog entries to report.
v1.4.1
Automated sync from GitHub Actions
v1.4.0
zonefoundry-local-sonos 1.4.0
- No file changes detected in this release.
- Documentation remains unchanged; no updates to skill logic or usage instructions.
v1.3.1
Automated sync from GitHub Actions
v1.3.0
Add nextCommand to setup JSON; NEVER send users to Sonos App for linking
v1.2.1
Automated sync from GitHub Actions
v1.2.0
fix: setup --format json now outputs pure JSON; fix CI lint
v1.1.4
Automated sync from GitHub Actions
v1.1.3
Automated sync from GitHub Actions
v1.1.2
Automated sync from GitHub Actions
v1.1.1
Sync latest skill fixes from repo
Metadata
Slug zonefoundry-local-sonos
Version 1.5.9
License MIT-0
Total installs 1
Current installs 1
Historical version count 22
FAQ

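What is Zonefoundry Local Sonos?

Use this skill when an agent needs to control Sonos through ZoneFoundry `zf` on a same-LAN node. Start with readiness checks, then map user requests to safe... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 211 total downloads to date.

How do I install Zonefoundry Local Sonos?

Run the command "/install zonefoundry-local-sonos" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is Zonefoundry Local Sonos free?

Yes. Zonefoundry Local Sonos is completely free and is released under the MIT-0 license; it can be freely downloaded, installed, and used.

Which platforms does Zonefoundry Local Sonos support?

Zonefoundry Local Sonos is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who develops Zonefoundry Local Sonos?

It is developed and maintained by kisssam6886 (@kisssam6886); the current version is v1.5.9.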
