spotify-player

Warn

Audited by Socket on Jun 23, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill’s capabilities broadly match Spotify terminal control, but it relies on third-party CLIs and explicitly imports browser cookies into one of them. That makes the main risk credential/session exposure to external tooling rather than clear malicious behavior or off-purpose exfiltration.

Confidence: 86%Severity: 68%
Audit Metadata
Analyzed At
Jun 23, 2026, 06:07 AM
Package URL
pkg:socket/skills-sh/storyclaw-official%2Fstoryclaw-assistant%2Fspotify-player%2F@67b94199f75be9026dbbfd4e944f6a2c9b42603c14fb4d2fdfc6ff027cdda2f8
Security Audit — socket — spotify-player