spotify-player

SUSPICIOUS: the skill’s purpose is coherent, but it relies on third-party Spotify CLIs and a cookie-import auth flow that routes sensitive session data into external software rather than an official Spotify auth path. This is a medium-high security risk with limited evidence of outright malware.